Intrusion Prevention



This indicates an attack attempt against a cross-site scripting vulnerability in raSMP.
A vulnerability has been reported in raSMP that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the User-Agent header that is passed to "index.php". An attacker may include shell commands by supplying an injection string through the HTTP header.

Affected Products

raSMP raSMP 2.0 .0


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are not aware of any officially supplied patch for this issue.

CVE References