raSMP.Index.PHP.User.Agent.XSS

description-logoDescription

This indicates an attack attempt against a Cross Site Scripting vulnerability in raSMP.
The vulnerability occurs because the user input filters fail to properly sanitize the "User-Agent" header that is passed to "index.php". An attacker may include shell commands by supplying an injection string through the HTTP header.

affected-products-logoAffected Products

raSMP raSMP 2.0.0

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are not aware of any officially supplied patch for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)