The Includer Remote Command Execution Flaw Network Vulnerability

Summary

The remote web server contains a PHP script that is affected by a remote code execution vulnerability. Description: The remote host is running The Includer, a PHP script for emulating server-side includes. The version of The Includer installed on the remote host allows an attacker to execute arbitrary shell commands by including shell meta-characters as part of the URL.

Solution

Unknown at this time.

References

http://marc.theaimsgroup.com/?l=bugtraq&m=111021730710779&w=2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-0689

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

A Really Simple Chat Multiple SQL Injection Vulnerabilities
4Images <= 1.7.1 Directory Traversal Vulnerability
Apache Struts ClassLoader Manipulation Vulnerabilities
Apache Axis2 Document Type Declaration Processing Security Vulnerability
AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities

The Includer remote command execution flaw

Take action and discover your vulnerabilities