PT-2002-2589 · Bizdesign · Imagefolio
Published: 2002-12-31 · Updated: 2016-10-18
CVE-2002-1867
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
BizDesign ImageFolio versions 2.23 through 2.26
Description
The default configuration of the software does not control access to certain API endpoints, such as "admin/setup.cgi" and "admin/nph-build.cgi". This allows remote attackers to create an administrative account or cause a denial of service by consuming CPU resources.
Recommendations
For versions 2.23 through 2.26, restrict access to the "admin/setup.cgi" and "admin/nph-build.cgi" API endpoints to prevent unauthorized account creation and denial of service attacks. Consider temporarily disabling these endpoints until a proper fix is applied.
Fix
Related identifiers
Affected products
Imagefolio