PT-2005-4716 · Netclassifieds · Netclassifieds Standard Edition+3

Published: 2005-12-03 · Updated: 2011-03-08 · CVE-2005-3978

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

NetClassifieds Premium Edition version 1.0.1
NetClassifieds Professional Edition version 1.5.1
NetClassifieds Standard Edition version 1.9.6.3
NetClassifieds Free Edition version 1.0.1

Description

The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the CatID parameter in "ViewCat.php" and "gallery.php", and the ItemNum parameter in "ViewItem.php".

Recommendations

For each affected edition (NetClassifieds Premium Edition version 1.0.1, Professional Edition version 1.5.1, Standard Edition version 1.9.6.3, and Free Edition version 1.0.1), consider disabling the CatID parameter in "ViewCat.php" and "gallery.php", and the ItemNum parameter in "ViewItem.php" until a patch is available.


Related identifiers

CVE-2005-3978

Affected products

Netclassifieds Free Edition
Netclassifieds Premium Edition
Netclassifieds Professional Edition
Netclassifieds Standard Edition