PHPAuction.PHPAds_Path.Remote.File.Inclusion

description-logoDescription

This indicates a possible attempt to exploit a PHP remote File Inclusion vulnerability in Albasoftware Phpauction with phpAdsNew 2.0.5.
The vulnerability, which is in "phpAdsNew/view.inc.php", may allow remote attackers to execute arbitrary PHP code via a URL in the "phpAds_path" parameter.

affected-products-logoAffected Products

Albasoftware PHPAuction 2.1 and possibly later versions, with phpAdsNew 2.0.5.

Impact logoImpact

System Compromise: Remote code execution.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor supplied patch or update for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)