Intrusion Prevention

PEGames.File.Inclusion

Description

index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value.

Affected Products

PEGames PEGames 0

Impact

Remote file inclusion.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References

CVE-2006-6213