PT-2006-6158 · Comdev · Comdev Misc Tools
Publicado
2006-10-20
·
Atualizado
2017-07-20
·
CVE-2006-5439
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Comdev Misc Tools version 4.1
Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the
path[docroot] parameter when register globals is enabled.Recommendations
For Comdev Misc Tools version 4.1, consider disabling the
register globals setting to prevent exploitation until a patch is available. Restrict access to the adminfoot.php file to minimize the risk of arbitrary PHP code execution.Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Comdev Misc Tools