Intrusion Prevention

ActionApps.Remote.File.Inclusion

Description

It indicates a possible exploit of a PHP remote file inclusion vulnerability in ActionApps.
This flaw is due to input validation errors in various scripts, that do not validate the "GLOBALS[AA_INC_PATH]" parameter, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.

Affected Products

ActionApps version 2.8.1 and prior

Impact

The execution of arbitrary code on the system.

Recommended Actions

Upgrade to the latest version of the vulnerable software.

CVE References

CVE-2006-2686