Short Name |
HTTP:PHP:PAGETOOL-SQL-INJ |
---|---|
Severity |
Warning |
Recommended |
No |
Category |
HTTP |
Keywords |
myphpPageTool Remote Include |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a SQL injection vulnerability in MyphpPageTool. phpMyShop 1.00 and earlier versions are vulnerable. Attackers can submit a maliciously crafted URL to cause the Web server to execute arbitrary PHP code.
This vulnerability enables an adversary to execute arbitrary PHP code, with the privilege level of the web service account, which is usually the "nobody" user. This capability could be leveraged to completely compromise the myphpPageTool installation by overwriting database tables and configuration files.