Short Name |
HTTP:PHP:PHPMYNEWS-INCLUDE |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
phpMyNewsletter Insecure File Include |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in phpMyNewsletter. Version 0.6.10 and earlier are vulnerable. phpMyNewsletter does not verify the legitimacy of files included in the customize.php script using the l parameter. Attackers can include a malicious remote file in the customize.php script to execute arbitrary commands on the host.
Remote attackers could exploit this vulnerability to view files on an affected server, or to execute arbitrary commands within the security context of the phpMyNewsLetter process.