PT-2006-5120 · Sonium · Sonium Enterprise Adressbook

Published: 2006-08-23 · Updated: 2018-10-17 · CVE-2006-4311

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Sonium Enterprise Adressbook version 0.2

Description

The issue allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory. This can be demonstrated by exploiting the "plugins/1 Adressbuch/delete.php" file.

Recommendations

For Sonium Enterprise Adressbook version 0.2, consider restricting access to the plugins directory or disabling the folder parameter in affected files to minimize the risk of exploitation.

Exploit

Fix


Related identifiers

CVE-2006-4311

Affected products

Sonium Enterprise Adressbook