CVE-2005-2624

Name of the Vulnerable Software and Affected Versions CPAINT versions 1.3-SP

Description The issue allows remote attackers to execute arbitrary ASP code via the cpaint argument[] parameter to API endpoints such as "calculator.asp" or "cpaintfile.asp", which is directly fed into an eval statement.

Recommendations For CPAINT version 1.3-SP, avoid using the cpaint argument[] parameter in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the "calculator.asp" and "cpaintfile.asp" endpoints to minimize the risk of exploitation.