PT-2005-3462 · Funkboard · Funkboard
Retrogod
·
Publicado
2005-08-16
·
Atualizado
2016-10-18
·
CVE-2005-2571
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
FunkBoard versions 0.66CF and earlier
Description
The issue allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php due to improper access restriction to the "admin/mysql install.php" and "admin/pg install.php" API endpoints.
Recommendations
For FunkBoard versions 0.66CF and earlier, restrict access to the admin/mysql install.php and admin/pg install.php scripts to prevent unauthorized access and potential code injection.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Funkboard