HTTP: Remote URL In HTTP Variable
This signature detects a remote URL submitted in a HTTP variable. This can be normal web-submission activity, but it can also indicate a possible remote-code injection attack. Non-malicious use is common.
Extended Description
Insert User for phpBB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. This issue affects Insert User 0.1.2 and prior versions.
Affected Products
Phpbb_group insert_user
Short Name
HTTP:REMOTE-URL-IN-VAR
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2010-0975 CVE-2010-2699 CVE-2010-2700 CVE-2010-2714 CVE-2010-2715 CVE-2010-4283 CVE-2010-4948 CVE-2011-1398 CVE-2012-6499 CVE-2016-5304 CVE-2016-6483 CVE-2017-17405 CVE-2017-5799 CVE-2019-8451 CVE-2021-33690 HTTP In Remote URL Variable bid:14028 bid:14651 bid:17206 bid:17290 bid:20281 bid:20444 bid:20493 bid:55297 bid:8158 bid:92350 bid:9881
Release Date
04/06/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3695
False Positive
Frequently
Vendors
Phpbb_group
CVSS Score
7.5
6.5
4.3
6.4
4.9
5.8
5.0