Intrusion Prevention

Open.Conference.Systems.Fullpath.Remote.File.Inclusion

Description

It indicates a possible exploit of a remote file inclusion vulnerability in Open Conference Systems (OCS) that may allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter.

Affected Products

Open Conference Systems Open Conference Systems 1.1.3

Impact

System compromise.

Recommended Actions

The vendor has released 1.1.6 to addresses this issue.
http://pkp.sfu.ca/ocs/download/ocs-1.1.6.tar.gz

CVE References

CVE-2006-5308