virus logo Intrusion Prevention

ProcessMaker.Open.Source.Authenticated.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit a Code Execution Vulnerability in ProcessMaker.
The vulnerability is due to an input validation error in a variable in the vulnerable PHP script. A remote attacker could exploit this to execute arbitrary code execution within the context of the application, via a crafted HTTP request.

affected-products-logoAffected Products

ProcessMaker v 2.0.45 and prior

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's website for suggested workaround.
http://bugs.processmaker.com/view.php?id=13436

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 37390
Created Nov 28, 2013
Updated Mar 26, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows, Linux
Affected App Other