vendor:
SIPS
by:
ajann
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: SIPS
Affected Version From: 0.3.1 and earlier
Affected Version To: 2000.3.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability
The SIPS version 0.3.1 and earlier is vulnerable to remote file inclusion. The 'box.inc.php' file does not properly validate user input, which allows an attacker to include remote files and execute arbitrary code.
Mitigation:
Update to the latest version of SIPS to fix the vulnerability. Disable remote file inclusion in the server configuration.