phpScheduleIt 'reserve.php' Remote Code Execution Vulnerability
Gravité: : Medium
Identifiant(s) CVE: : CVE-2008-6132
Date du conseil: 21 juillet 2015
Description
phpScheduleIt is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. An attacker can leverage this issue to execute arbitrary PHP code on an affected computer with the privileges of the webserver process.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1005916
Trend Micro Deep Security DPI Rule Name: 1005916 - phpScheduleIt 'reserve.php' Remote Code Execution Vulnerability
Affected software and version:
- brickhost phpscheduleit 1.0
- brickhost phpscheduleit 1.0.0rc1
- brickhost phpscheduleit 1.0_rc1
- brickhost phpscheduleit 1.2.0
- brickhost phpscheduleit 1.2.1
- brickhost phpscheduleit 1.2.10
- brickhost phpscheduleit 1.2.2
- brickhost phpscheduleit 1.2.3
- brickhost phpscheduleit 1.2.4
- brickhost phpscheduleit 1.2.5
- brickhost phpscheduleit 1.2.6
- brickhost phpscheduleit 1.2.7
- brickhost phpscheduleit 1.2.8
- brickhost phpscheduleit 1.2.9