phphtml.PHP.File.Inclusion
Description
PHP::HTML has a remote file inclusion vulnerability. A remote attacker could execute an arbitrary script on a vulnerable web server, with the privileges of the server, via a specially-crafted URL request to the 'phphtml' script, using the 'htmlclass_path' parameter to specify a malicious PHP file from a remote system.
Affected Products
PHP::HTML version 0.6.4 and prior.
Impact
System compromise.
Recommended Actions
Currently we are not aware of any official supplied fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |