PT-2006-3154 · Ftrainsoft · Ftrainsoft Fast Click

R@1D3N

Publicado

2006-05-04

Atualizado

2018-10-18

CVE-2006-2175

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions FtrainSoft Fast Click versions 2.3.8 and earlier

Description A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) "show.php" or (2) "top.php" API endpoints.

Recommendations For FtrainSoft Fast Click versions 2.3.8 and earlier, consider disabling access to the show.php and top.php endpoints until a patch is available. Restrict the use of the path parameter in these endpoints to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-2175

Produtos afetados

Ftrainsoft Fast Click

PT-2006-3154 · Ftrainsoft · Ftrainsoft Fast Click

CVE-2006-2175

Identificadores relacionados

Produtos afetados

Referências · 11