PT-2006-1429 · Unknown · Powerportal

Publicado

2006-01-22

Atualizado

2018-10-19

CVE-2006-0358

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PowerPortal versions 1.1 beta through 1.3

Description The issue allows remote attackers to execute arbitrary SQL commands via the search parameter in API endpoints such as "index.php" and "search.php".

Recommendations For PowerPortal versions 1.1 beta through 1.3, consider restricting access to the search parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the search parameter in "index.php" and "search.php" to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-0358

Produtos afetados

Powerportal

PT-2006-1429 · Unknown · Powerportal

CVE-2006-0358

Identificadores relacionados

Produtos afetados

Referências · 10