PT-2003-2198 · Bookmark4U · Bookmark4U
Publicado
2003-12-31
·
Atualizado
2008-09-05
·
CVE-2003-1253
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Bookmark4U version 1.8.3
Description
A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the
prefix parameter to API endpoints such as "dbase.php", "config.php", or "common.load.php".Recommendations
For Bookmark4U version 1.8.3, consider restricting access to the
prefix parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the prefix parameter in the "dbase.php", "config.php", or "common.load.php" endpoints to minimize the risk of exploitation.Exploit
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bookmark4U