Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:REMOTE-URL-IN-VAR |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Remote URL In HTTP Variable |
Release Date |
2011/04/06 |
Update Number |
1897 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Remote URL In HTTP Variable
This signature detects a remote URL submitted in a HTTP variable. This can be normal web-submission activity, but it can also indicate a possible remote-code injection attack. Non-malicious use is common.
Extended Description
Insert User for phpBB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. This issue affects Insert User 0.1.2 and prior versions.
Affected Products
- Phpbb_group insert_user 0.1.2
References
- BugTraq: 8158
- BugTraq: 55297
- BugTraq: 20493
- BugTraq: 92350
- BugTraq: 20281
- BugTraq: 17290
- BugTraq: 9881
- BugTraq: 14651
- BugTraq: 14028
- BugTraq: 17206
- BugTraq: 20444
- CVE: CVE-2016-5304
- CVE: CVE-2017-5799
- CVE: CVE-2014-5362
- CVE: CVE-2011-1398
- CVE: CVE-2016-6483
- CVE: CVE-2012-6499
- CVE: CVE-2010-4948
- CVE: CVE-2019-8451
- CVE: CVE-2010-4283
- CVE: CVE-2010-2699
- CVE: CVE-2010-2700
- CVE: CVE-2010-2714
- CVE: CVE-2010-2715
- CVE: CVE-2010-0975
- URL: https://www.exploit-db.com/exploits/14322
- URL: https://www.exploit-db.com/exploits/14203