PT-2006-5649 · Idevspot · Nexieaffiliate
S3Rv3R_Hack3R
·
Publicado
2006-09-19
·
Atualizado
2018-10-17
·
CVE-2006-4895
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IDevSpot NexieAffiliate versions 1.9 and earlier
Description
The issue allows remote attackers to delete arbitrary affiliates. This is achieved by modifying the
id parameter in the "delete.php" endpoint.Recommendations
For versions 1.9 and earlier, restrict access to the "delete.php" endpoint to prevent unauthorized affiliate deletion. As a temporary workaround, consider validating and sanitizing the
id parameter to ensure only authorized modifications can be made.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Nexieaffiliate