PT-2006-6305 · Minihttp · Minihttp Web Forum & File Server Powerpack

Greg Linares

Publicado

2006-10-28

Atualizado

2017-10-19

CVE-2006-5597

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: MiniHTTP Web Forum & File Server PowerPack version 4.0

Description: The issue allows remote attackers to add or modify arbitrary user accounts. This is achieved by modifying the frmMailBox and frmUserPass parameters in the 'join.asp' file.

Recommendations: For MiniHTTP Web Forum & File Server PowerPack version 4.0, avoid using the join.asp file until a fix is available, and restrict access to the frmMailBox and frmUserPass parameters to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-5597

Produtos afetados

Minihttp Web Forum & File Server Powerpack

PT-2006-6305 · Minihttp · Minihttp Web Forum & File Server Powerpack

CVE-2006-5597

Identificadores relacionados

Produtos afetados

Referências · 6