PHP: Remote file inclusion prevention: suspicious GLOBALS variable
Description
On some servers running PHP scripts with a specific configuration, use of the GLOBALS[] array with a vulnerable parameter might allow a malicious user to inject a remote file on the server and thereby execute code.
Default configuration
Profiles       High     Medium   Low      Internet
Action         Block    Block    Block    Block
Alarm Level    Minor    Minor    Minor    Minor
References
Available since
ASQ v3.2.0
Protects
Dolphin "eval()" PHP Code Execution Vulnerability
GNUBoard "g4_path" File Inclusion Vulnerability
NetCat "search_query" PHP Code Execution Vulnerability
TYPO3 Code Execution and Multiple Cross Site Scripting Vulnerabilities
TYPO3 Code Execution and Cross Site Scripting Vulnerabilities
PHPope Multiple Parameter Remote File Inclusion Vulnerabilities
phpMyPortal "GLOBALS[CHEMINMODULES]" Parameter PHP File Inclusion Vulnerability
WebBuilder "GLOBALS[core][module_path]" Parameter PHP File Inclusion Vulnerability
Cadre "GLOBALS[config][framework_path]" Remote PHP File Inclusion Vulnerability
Irokez CMS Multiple Parameter Handling Remote PHP File Inclusion Vulnerabilities
Puntal Installation Scripts GLOBALS Array Handling Remote File Inclusion Vulnerability
Hot Open Tickets "GLOBALS[CLASS_PATH]" Variable File Inclusion Vulnerability
ActionApps "GLOBALS[AA_INC_PATH]" Parameter File Inclusion Vulnerabilities
Docebo Multiple Parameter Handling Remote File Inclusion Vulnerabilities
Sugar Suite "GLOBALS[sugarEntry]" Security Bypass and File Inclusion Issue
PmWiki Multiple Script "GLOBALS" Array Handling Remote Vulnerabilities
Last 100 CVEs
CVE-2009-4472
CVE-2009-0290
CVE-2007-2594
CVE-2007-0703
CVE-2007-0677
CVE-2006-6771
CVE-2006-6224
CVE-2006-3107
CVE-2006-2730
CVE-2006-2686
CVE-2006-2577
CVE-2006-2576
CVE-2006-2460
CVE-2006-0479
Risk level
Moderate