PT-2004-2858 · Unknown · Protector System

Publicado

2004-04-23

Atualizado

2016-12-20

CVE-2004-1961

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Protector System version 1.15b1

Description The issue allows remote attackers to bypass SQL injection protection and execute limited SQL commands. This is achieved by using URL-encoded "'" characters ("%27") in the blocker.php file.

Recommendations For Protector System version 1.15b1, consider restricting access to the blocker.php file until a patch is available, or apply configuration changes to prevent the use of URL-encoded "'" characters ("%27") to bypass SQL injection protection.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-1961

Produtos afetados

Protector System

PT-2004-2858 · Unknown · Protector System

CVE-2004-1961

Identificadores relacionados

Produtos afetados

Referências · 5