Intrusion Prevention

ProcessMaker.Plugin.Upload.Module.Arbitrary.PHP.Code.Injection

Description

This indicates an attempt to upload a malicious plugin in ProcessMaker.
ProcessMaker is a workflow software solution, but it can be abused to install malware, for example, a backdoor. Valid credentials with admin privileges are required for successful exploitation.

Affected Products

ProcessMaker versions 1.6-4276, 2.0.23, 3.0 RC 1, 3.2.0, 3.2.1 on Windows 7 SP 1
ProcessMaker version 3.2.0 on Debian Linux 8

Impact

System Compromise: Authenticated remote attackers can gain control of vulnerable systems.

Recommended Actions

Restrict and audit access to ProcessMaker.