PT-2006-2216 · Daverave · Daverave Link Bank

Retard

Publicado

2006-03-14

Atualizado

2018-10-18

CVE-2006-1200

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions daverave Link Bank (affected versions not specified)

Description A direct static code injection issue exists due to the lack of sanitization of the url name parameter in the add link.txt file. This allows remote attackers to execute arbitrary PHP code, which is later stored in links.txt and used in an include statement.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-1200

Produtos afetados

Daverave Link Bank

PT-2006-2216 · Daverave · Daverave Link Bank

CVE-2006-1200

Identificadores relacionados

Produtos afetados

Referências · 7