Check Point Advisories

Update Protection against phpFullAnnu 'repmod' parameter File Inclusion Vulnerability

Check Point Reference: CPAI-2006-126
Date Published: 13 Nov 2006
Severity: High
Last Updated: Tuesday 15 May, 2007
Source: FrSIRT/ADV-2006-3493
Industry Reference:CVE-2006-4644
Protection Provided by:
Who is Vulnerable? phpFullAnnu version 5.1 and prior
Vulnerability Description phpFullAnnu, a content management system portal application, is prone to a remote file inclusion vulnerability. An attacker can exploit this vulnerability to execute arbitrary PHP code on an affected system via a maliciously crafted URL in the 'repmod' parameter.
Vulnerability DetailsThe vulnerability is due to input validation errors in the 'modules/home.module.php' script that does not validate the 'repmod' parameter prior to including files. A remote attacker could exploit this flaw via a specially crafted URL. By doing so, the attacker could include malicious scripts and execute arbitrary commands on the vulnerable system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK