Korsan

#12146de 53,632
22.5CVSS total
Vulnerabilidades · 3
Alta
3
PT-2006-7194
7.5
2006-12-15
Bloq · Bloq · CVE-2006-6592
**Name of the Vulnerable Software and Affected Versions** Bloq version 0.5.4 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `page[path]` parameter to various PHP files, including "index.php", "admin.php", "rss.php", "rdf.php", "rss2.php", or "files/mainfile.php". **Recommendations** For Bloq version 0.5.4, consider restricting access to the `page[path]` parameter in the affected PHP files until a patch is available. As a temporary workaround, restrict access to the vulnerable PHP files, such as "index.php", "admin.php", "rss.php", "rdf.php", "rss2.php", and "files/mainfile.php", to minimize the risk of exploitation.
PT-2006-6177
7.5
2006-10-23
Download Engine · Download-Engine · CVE-2006-5459
**Name of the Vulnerable Software and Affected Versions** Download-Engine versions 1.4.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `$ ENGINE[eng dir]` and possibly `spaw root` parameters in "admin/includes/spaw/spaw script.js.php", and the `$ ENGINE[eng dir]`, `$spaw root`, `$spaw dir`, and `$spaw base url` parameters in "admin/includes/spaw/config/spaw control.config.php". **Recommendations** For Download-Engine versions 1.4.2 and earlier, consider disabling the `spaw script.js.php` and `spaw control.config.php` files until a patch is available. Restrict access to the `admin/includes/spaw` directory to minimize the risk of exploitation. Avoid using the `$ ENGINE[eng dir]`, `spaw root`, `$spaw root`, `$spaw dir`, and `$spaw base url` parameters in the affected files until the issue is resolved.
PT-2006-6178
7.5
2006-10-23
Hinton Design · Phpht Topsites · CVE-2006-5460
**Name of the Vulnerable Software and Affected Versions** Hinton Design phpht Topsites (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpht real path` parameter to certain scripts, including (1) 'index.php', (2) other scripts in the top-level directory, and (3) scripts in the 'admin/' directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.