HTTP: AjaXplorer Remote Command Injection and Local File Disclosure
This signature detects attempts to exploit a known vulnerability against AjaXplorer. A successful attack can lead to arbitrary code execution.
Extended Description
AjaXplorer is prone to a remote command injection vulnerability and a local file disclosure vulnerability because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary commands within the context of the affected application and to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. Versions prior to AjaXplorer 2.6 are vulnerable.
Affected Products
Ajaxplorer ajaxplorer
References
BugTraq: 39334
Short Name
HTTP:PHP:AJAXPLORER-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
AjaXplorer Command Disclosure File Injection Local Remote and bid:39334
Release Date
11/20/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Ajaxplorer