How can I help you? Start Chat

US Phone: 1-866-488-6691
International Phone: +44-2036087492

  • E-Mail
  • Facebook
  • LinkedIn
  • Twitter

Check Point Advisories

Update Protection against phpFullAnnu 'repmod' parameter File Inclusion Vulnerability

Check Point Reference: CPAI-2006-126
Date Published: 13 Nov 2006
Severity: High
Last Updated: 15 May 2007
Source: FrSIRT/ADV-2006-3493
Industry Reference:CVE-2006-4644
Protection Provided by:
Who is Vulnerable? phpFullAnnu version 5.1 and prior
Vulnerability Description phpFullAnnu, a content management system portal application, is prone to a remote file inclusion vulnerability. An attacker can exploit this vulnerability to execute arbitrary PHP code on an affected system via a maliciously crafted URL in the 'repmod' parameter.
Vulnerability DetailsThe vulnerability is due to input validation errors in the 'modules/home.module.php' script that does not validate the 'repmod' parameter prior to including files. A remote attacker could exploit this flaw via a specially crafted URL. By doing so, the attacker could include malicious scripts and execute arbitrary commands on the vulnerable system.

Protection Overview