Short Name |
HTTP:PHP:YABBSE-PKG-EXEC |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
YabbSE Packages.php Code Execution |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Packages.php in YabbSE. YabbSE 1.5.0 and earlier are vulnerable. Attackers can include remote malicious code in Packages.php that can allow them to execute arbitrary commands with Web server privileges.
YaBB SE allows remote users to influence the location of included files. A remote attacker may exploit this condition to cause an external, attacker-supplied file to be included and executed by YABB SE. This may allow a remote attacker to execute arbitrary commands in the context of the webserver.