PT-2005-3254 · Laffer · Laffer
Diman
·
Publicado
2005-07-20
·
Atualizado
2008-09-05
·
CVE-2005-2328
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Laffer versions 0.3.2.6 through 0.3.2.7
Description
The issue allows remote attackers to execute arbitrary PHP code via the
CFG PATH variable. This is a result of a PHP remote file inclusion vulnerability in the im.php file.Recommendations
For versions 0.3.2.6 and 0.3.2.7, consider restricting access to the
CFG PATH variable to minimize the risk of exploitation. As a temporary workaround, avoid using the CFG PATH variable in the im.php file until a patch is available.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Laffer