GEN:SID 1:2307
Message WEB-PHP PayPal Storefront remote file include attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in the PayPal Storefront PHP web application running on a server.
Impact Possible execution of arbitrary code of the attackers choosing.
Detailed Information This event is generated when an attempt is made to exploit a known
vulnerability in the PayPal Storefront PHP web application running
on a server. It may be possible for an attacker to include code of their
choosing from a source external to the server running the application.
This code will execute with the privileges of the user running the web
server.

The vulnerability exists due to inadequate verification of include file
locations in the application.
Affected Systems PayPal Store Front 3.0, others may also be affected.
Attack Scenarios An attacker might include their code by including the URI to the script
in the HTTP GET parameters when calling index.php.
Ease of Attack Simple. Exploits exist.
Corrective Action Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.
Additional References  
Rule References bugtraq: 8791
nessus: 11873