Signature Detail
Short Name |
HTTP:PHP:AJAXPLORER-RCE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
AjaXplorer Remote Command Injection and Local File Disclosure |
Release Date |
2013/11/20 |
Update Number |
2321 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: AjaXplorer Remote Command Injection and Local File Disclosure
This signature detects attempts to exploit a known vulnerability against AjaXplorer. A successful attack can lead to arbitrary code execution.
Extended Description
AjaXplorer is prone to a remote command injection vulnerability and a local file disclosure vulnerability because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary commands within the context of the affected application and to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. Versions prior to AjaXplorer 2.6 are vulnerable.
Affected Products
- AjaXplorer 2.5.5
References
- BugTraq: 39334