HTTP: pMachine Remote PHP Include
This signature detects attempts to exploit a known vulnerability in pMachine, an online publishing application. pMachine version 2.2.1 and other versions are vulnerable. Attackers can send a malicious HTTP request to force the pMachine Web server to execute PHP code from a remote server; commands are executed with Web server privileges.
Extended Description
It has been reported that PMachine does not properly handle include files under some circumstances. Because of this, an attacker may be able to remotely execute commands.
Affected Products
Pmachine pmachine
Short Name
HTTP:PHP:PMACHINE-INCLUDE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2003-1086 Include PHP Remote bid:7919 pMachine
Release Date
07/09/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Pmachine
CVSS Score
7.5