Php.Blue.Dragon.Activecontent.PHP.File.Inclusion
Description
Php Blue Dragon CMS has a remote file inclusion vulnerability. A remote attacker could execute arbitrary scripts on a web server with the privileges of the server via a specially crafted URL request to the 'public_includes/pub_blocks/activecontent.php' script, by using the 'vsDragonRootPath' parameter to specify a malicious PHP file from a remote system.
Affected Products
Php Blue Dragon CMS version 3.0.0 and prior.
Impact
System compromise, remote script execution.
Recommended Actions
Currently we are not aware of any official fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |