Contact us

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries

Services

Services

Take me to HPE.com

HTTP: YabbSE SSI.php Remote PHP Code Inclusion

This signature detects attempts to exploit a known vulnerability in YabbSE, a PHP/MySQL port of the forum software YaBB (another bulletin board). YabbSE versions 1.5.2 and earlier are vulnerable. Attackers can include PHP code in a maliciously crafted URL request; when YabbSE receives the request it runs the PHP code, enabling the attacker to execute arbitrary commands on the server.

Extended Description

Remote attackers could exploit this vulnerability to execute arbitrary code.

References

CVE: CVE-2003-0275

URL: http://www.juniper.net/security/auto/vulnerabilities/vuln1547.html http://nvd.nist.gov/nvd.cfm?cvename=CAN-2003-0275

Short Name

HTTP:PHP:YABBSE-SSI-INCLUDE

Severity

Minor

Recommended

False

Recommended Action

None

Category

HTTP

Keywords

CVE-2003-0275 Code Inclusion PHP Remote SSI.php YabbSE

Release Date

06/05/2003

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version

3324

False Positive

Unknown

CVSS Score

5.1