Intrusion Prevention

OFFL.DOC.ROOT.File.Inclusion

Description

This indicates a vulnerability in Online Fantasy Football League (OFFL). The vulnerability is caused by the failure to validate the "DOC_ROOT" parameter in the "lib/functions.php" and "lib/header.php" scripts. It allows remote attackers to include malicious PHP scripts and execute arbitrary commands.

Affected Products

OFFL OFFL 0.2.6
OFFL OFFL 0.2.3

Impact

System compromise, remote script execution.

Recommended Actions

Currently we are not aware of any official fix for this issue.

CVE References

CVE-2007-4809