Intrusion Prevention

Admbook.Arbitrary.Command.Execution

Description

This indicates a possible attempt to exploit a direct static code injection vulnerability in Admbook.
The vulnerability is due to an input validation error in the "index.php" script. The script fails to properly validate the "X-Forwarded-For" header before it is written to the "content-data.php" file. This can be exploited by remote attackers to compromise a vulnerable web server.

Affected Products

Admbook version 1.2.2 and prior.

Impact

System compromise: execution of arbitrary PHP code.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
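
Since no patch is available, one compensating check is to flag or reject requests whose "X-Forwarded-For" value is anything other than a plain list of IP addresses before they reach "index.php". The following is an added example, not Admbook or vendor code; the function names, the request structure and the sample requests are constructed for illustration.

```python
import ipaddress

MAX_XFF_LEN = 256  # assumption: generous upper bound for a proxy chain


def xff_is_clean(value: str) -> bool:
    """True only if value is a comma-separated list of IPv4/IPv6 literals."""
    if not value or len(value) > MAX_XFF_LEN:
        return False
    for part in value.split(","):
        try:
            ipaddress.ip_address(part.strip())
        except ValueError:
            # Anything that is not a bare address (markup, script tags,
            # quotes, host:port pairs) fails here.
            return False
    return True


def triage(requests):
    """Return (path, header value) pairs that should be blocked or alerted on."""
    flagged = []
    for req in requests:
        # HTTP header names are case-insensitive, so normalise before lookup.
        headers = {k.lower(): v for k, v in req["headers"].items()}
        xff = headers.get("x-forwarded-for")
        if xff is not None and not xff_is_clean(xff):
            flagged.append((req["path"], xff))
    return flagged


# Constructed sample requests (documentation address ranges, inert marker).
SAMPLES = [
    {"path": "/index.php", "headers": {"X-Forwarded-For": "203.0.113.7"}},
    {"path": "/index.php", "headers": {"x-forwarded-for": "198.51.100.4, 2001:db8::1"}},
    {"path": "/index.php", "headers": {"X-Forwarded-For": "203.0.113.9<?php /* constructed */ ?>"}},
    {"path": "/index.php", "headers": {"User-Agent": "example"}},
]

if __name__ == "__main__":
    for path, value in triage(SAMPLES):
        print(f"ALERT {path}: non-address X-Forwarded-For value {value!r}")
```

The allow-list also rejects "address:port" forms that some proxies emit, so widen it deliberately if a trusted proxy in front of the server produces them.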

CVE References

CVE-2006-0852