Intrusion Prevention

InPortal.InLink.ADODBDIR.PHP.File.Inclusion

Description

In-portal In-link has a remote file-include vulnerability. A remote attacker could execute an arbitrary script on the web server with the privileges of the server, via a specially-crafted URL request to the 'adodb-postgres7.inc.php' script, using the 'ADODB_DIR' parameter to specify a malicious PHP file from a remote system.

Affected Products

In-link 2.3.4 and prior.

Impact

Gain Access.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.in-portal.net/products/in-link.html

CVE References

CVE-2006-4618