Intrusion Prevention

NewsPortal.Poll.PHP.Remote.File.Inclusion

Description

It indicates a possible exploit of a remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal, that may allow remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.

Affected Products

Florian Amrhein NewsPortal 0.36

Impact

Execute arbitrary PHP code.

Recommended Actions

The vendor has released version 0.37 of NewsPortal to address this issue.
Florian Amrhein NewsPortal 0.36
* Florian Amrhein newsportal-0.37.tar.gz
http://florian-amrhein.de/nw/newsportal/download/newsportal-0.37.tar.g z

CVE References

CVE-2006-2557