Short Name |
HTTP:MISC:OPENSIS-PARAM-PHP-INJ |
---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Opensis Modname Parameter Remote PHP Code Injection |
Release Date |
2015/06/09 |
Update Number |
2503 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Opensis. A successful exploit can lead to remote php code injection.
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.