Intrusion Prevention

Owl.Intranet.Engine.Remote.File.Inclusion

Description

It indicates a possible exploit of a remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, that may allow remote attackers to include arbitrary files via a URL in the xrms_file_root parameter.

Affected Products

Owl Owl Intranet Engine 0.82

Impact

System compromise.

Recommended Actions

Refer to the vendor's web site for suggested workaround.
http://owl.sourceforge.net/

CVE References

CVE-2006-1149

Other References

2006-1149