RipeCMS.Parameter.Level.File.Inclusion
Description
Ripe Website Manager has multiple remote file include vulnerabilities. A remote attacker could execute arbitrary script code on the web server with the privileges of the server. This can be done by sending a specially crafted URL request to the 'admin/includes/author_panel_header' script or the 'admin/includes/admin_header.php' script, using the 'level' parameter to specify a malicious PHP file from a remote system.
Affected Products
Ripe Website Manager version 0.8.9 and prior.
Impact
System compromise, remote script execution.
Recommended Actions
Currently we are not aware of any official fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |