Intrusion Prevention

MTCMS.Admin.Settings.PHP.Remote.File.Inclusion

Description

It indicates a possible exploit of a remote file inclusion vulnerability in MTCMS that may allow remote attackers to execute arbitrary PHP code via a URL in the parameter ins_file.

Affected Products

MTCMS MTCMS 2.0

Impact

Compromise of affected system.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
Setting register_globals to off can prevent exploitation of this vulnerability.

CVE References

CVE-2006-6796