Intrusion Prevention

Gepi.Savebackup.php.File.Inclusion

Description

Gepi has a remote file-include vulnerability. A remote attacker could execute arbitrary scripts on the web server, with the privileges of the server, via a specially-crafted URL request to the gestion/savebackup.php script, by using the 'filename' parameter to specify a malicious PHP file from a remote system.

Affected Products

Gepi version 1.4.0 and prior.

Impact

Gain Access

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://gepi.mutualibre.org/

CVE References

CVE-2006-5669