The Ploticus module in PhpWiki versions 1.5.0– 1.5.1 allows remote attackers to execute arbitrary code via command injection.
- The attacker sends an HTTP POST request with injected command to the vulnerable PhpWiki.
- The server replies with an HTTP 200 OK and command response embedded within the return HTML.
The attacker can exploit PhpWiki directly and without authentication.
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) has been updated with the new signatures for this exploit when detected via Alert Logic Threat Manager™. If this signature is detected, an incident is generated in the Alert Logic console.
Recommendations for Mitigation
Upgrade to a non-vulnerable version to mitigate this vulnerability.