Check Point Advisories

Update Protection against phpFullAnnu 'repmod' parameter File Inclusion Vulnerability

Check Point Reference: CPAI-2006-126
Date Published: 13 Nov 2006
Severity: High
Last Updated: 15 May 2007
Source: FrSIRT/ADV-2006-3493
Industry Reference: CVE-2006-4644
Protection Provided by:
Who is Vulnerable? phpFullAnnu version 5.1 and prior
Vulnerability Description: phpFullAnnu, a content management system portal application, is prone to a remote file inclusion vulnerability. An attacker can exploit this vulnerability to execute arbitrary PHP code on an affected system via a maliciously crafted URL in the 'repmod' parameter.
Vulnerability Details: The vulnerability is due to input validation errors in the 'modules/home.module.php' script, which does not validate the 'repmod' parameter before including files. A remote attacker could exploit this flaw via a specially crafted URL. By doing so, the attacker could include malicious scripts and execute arbitrary commands on the vulnerable system.
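
Added example (not part of the Check Point advisory or its protection): a log-review check in Python that flags requests to 'modules/home.module.php' whose 'repmod' value, once percent-decoded, begins with a URL scheme. The log format, sample lines and function names are constructed for illustration, and treating a bare relative value as benign is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (common log format); addresses and
# hosts are documentation placeholders, not data from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Nov/2006:10:00:01 +0000] "GET /index.php?p=home HTTP/1.1" 200 5120',
    '192.0.2.11 - - [13/Nov/2006:10:00:05 +0000] "GET /modules/home.module.php?repmod=http://example.invalid/x HTTP/1.1" 200 310',
    '192.0.2.12 - - [13/Nov/2006:10:00:09 +0000] "GET /annu/modules/home.module.php?repmod=hTTp%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 298',
    '192.0.2.13 - - [13/Nov/2006:10:00:12 +0000] "GET /modules/home.module.php?repmod=%2568ttp%253A%252F%252Fexample.invalid HTTP/1.1" 404 0',
    '192.0.2.14 - - [13/Nov/2006:10:00:20 +0000] "GET /modules/home.module.php?repmod=modules HTTP/1.1" 200 4100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r'\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)
TARGET_SCRIPT = '/modules/home.module.php'   # script named in the advisory


def normalize(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so nested encoding cannot hide a scheme."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return (client_ip, decoded repmod value) for requests that pass a URL in 'repmod'."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not normalize(url.path).lower().endswith(TARGET_SCRIPT):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = normalize(value)   # parse_qsl decoded once; undo any nesting
            if name == 'repmod' and SCHEME_RE.match(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == '__main__':
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f'{ip} repmod={value}')
```

Access logs usually omit POST bodies, so this check covers only 'repmod' values sent in the query string.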

Protection Overview
