Contact us

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries

Services

Services

Trials and Demos

HTTP: FreeNews Insecure PHP Code Inclusion (1)

FreeNews version 2.1 contains a known vulnerability allowing attackers to include remote files containing malicious PHP code through a regular HTTP GET request. By including a file on a remote Web server as part of the chemin parameter to aff_news.php, an attacker can execute arbitrary PHP commands on the Web server, with run PHP scripts configuration level as the user.

Extended Description

A remote attacker could run malicious PHP commands on the web server.

References

URL: http://www.security.nnov.ru/search/document.asp?docid=3814

Short Name

HTTP:PHP:FREENEWS-PHP-INC1

Severity

Minor

Recommended

False

Recommended Action

None

Category

HTTP

Keywords

(1) Code FreeNews Inclusion Insecure PHP

Release Date

04/22/2003

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version

3324

False Positive

Unknown