PT-2005-4934 · Plogger · Plogger
Publicado
2005-12-14
·
Atualizado
2012-10-22
·
CVE-2005-4246
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Plogger versions Beta 2 and earlier
Description
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the
id parameter to "index.php" and the page parameter.Recommendations
For Plogger versions Beta 2 and earlier, consider restricting access to the
id and page parameters in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the id and page parameters in "index.php" to minimize the risk of exploitation.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Plogger