PT-2006-2942 · Wwwthreads · Wwwthreads Rc 3
D3Vil-0X1
+1
Published: 2006-04-21 · Updated: 2018-10-18
CVE-2006-1958
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
WWWThreads RC 3
Description
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two methods:
- the forumreferrer cookie to register.php
- the messages parameter in message list.php.
Recommendations
For WWWThreads RC 3, update the software to prevent SQL injection attacks, specifically by validating and sanitizing user input for the forumreferrer cookie and the messages parameter.
As a temporary workaround, consider restricting access to register.php and message list.php to minimize the risk of exploitation.
Fix
Related identifiers
Affected products
Wwwthreads Rc 3