PT-2006-2943 · Actual · Actualscripts Server+2

Aesthetico

Publicado

2006-04-21

Atualizado

2018-10-18

CVE-2006-1959

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ActualAnalyzer Lite versions 2.72 and earlier ActualScripts Gold versions 7.63 and earlier ActualScripts Server versions 8.23 and earlier

Description The issue allows remote attackers to execute arbitrary code via a URL in the rf parameter. This is a result of a remote file inclusion vulnerability in the direct.php file.

Recommendations For ActualAnalyzer Lite versions 2.72 and earlier, update to a version later than 2.72. For ActualScripts Gold versions 7.63 and earlier, update to a version later than 7.63. For ActualScripts Server versions 8.23 and earlier, update to a version later than 8.23.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-1959

Produtos afetados

Actualanalyzer Lite

Actualscripts Gold

Actualscripts Server

PT-2006-2943 · Actual · Actualscripts Server+2

CVE-2006-1959

Identificadores relacionados

Produtos afetados

Referências · 11