raSMP.Index.PHP.User.Agent.XSS
Description
This indicates an attack attempt against a Cross Site Scripting vulnerability in raSMP.
The vulnerability occurs because the user input filters fail to properly sanitize the "User-Agent" header that is passed to "index.php". An attacker may include shell commands by supplying an injection string through the HTTP header.
Affected Products
raSMP raSMP 2.0.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are not aware of any officially supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |