'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

inject_code:php_session_related_func(Rule ID:1020810031)

Release Date2025/9/15

Rule NamePHP Session related Function Injection Attack

Severity:high

CVE ID

 

Descripiton

The session related function is used to operator session information in the PHP language. Attackers can include the session function in the http request and modify the PHP session information to obtain unauthorized resources, achieving code injection attacks. This rule requires checking the session operator function in http request to prevent such attacks. This rule supports to defend the A3: Injection and A1: Broken Access Control of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.