Intrusion Prevention

Eaton.Network.Shutdown.Module.Remote.PHP.Code.Injection

Description

This indicates an attack attempt against a PHP Code Injection vulnerability in Eaton Network Shutdown Module.
The vulnerability is caused by an error when the vulnerable software handles a malicious HTTP request with a crafted URI. It allows a remote attacker to execute php code via sending a crafted URI to a vulnerable application.

Affected Products

Eaton MGE Network Shutdown Module 3.x

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.