PT-2006-3617 · Easy Content · Easy-Content Forums
Ajann
·
Publicado
2006-05-31
·
Atualizado
2018-10-18
·
CVE-2006-2697
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Easy-Content Forums version 1.0
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the
startletter parameter in "userview.asp" and the forumname parameter in "topics.asp".Recommendations
For Easy-Content Forums version 1.0, avoid using the
startletter parameter in "userview.asp" and the forumname parameter in "topics.asp" until a fix is available. Consider restricting access to these parameters to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Easy-Content Forums