HTTP: PHP News File Inclusion
This signature detects an attemps to include remote file in a PHP News server. Succesfull exploitation of this vulnerability could lead to arbitrary code execution within the context of the Web Server.
Extended Description
It is reported that PHPNews is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input. This issue reportedly affects PHPNews version 1.2.4, previous versions might also be affected.
Affected Products
Phpnews phpnews
References
BugTraq: 12696
CVE: CVE-2005-0632
URL: http://securitytracker.com/id?1013345 http://www.securityfocus.com/bid/12696
Short Name
HTTP:PHP:PHP-NEWS-FILE-INC
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2005-0632 File Inclusion News PHP bid:12696
Release Date
08/16/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Phpnews
CVSS Score
5.0