Graphiks.GrapAgenda.Index.php.Remote.File.Inclusion
Description
This indicates an attack attempt to exploit a File Inclusion vulnerability in Graphiks GrapAgenda.
The vulnerability is due to insufficient sanitizing of user supplied inputs. A remote attacker can include arbitrary files and execute it within the context of the application.
A remote attacker could execute arbitrary scripts on the web server, with the privileges of the server. This can be accomplished via a specially crafted URL request to the 'index.php' script, using the 'page' parameter to specify a malicious PHP file from a remote system.
Affected Products
GrapAgenda version 0.1 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems
Recommended Actions
Currently we are not aware of any vendor supplied patches for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |