Smart.Publisher.Disp.PHP.Filedata.Parameter.Code.Injection
Description
This indicates an attempt to exploit a code injection vulnerability in Smart Publisher.
The vulnerability is caused by an input validation error in "admin/op/disp.php" when handling input passed to "filedata". It allows remote attackers to execute arbitrary php code via a specially crafted http request.
Affected Products
Netwerk Smart Publisher 1.0.1
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are not aware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-01-11 | 16.995 |