PT-2006-6415 · Saz · Sazcart
Ibnusina
·
Publicado
2006-11-06
·
Atualizado
2018-10-17
·
CVE-2006-5727
CVSS v2.0
5.1
Média
| Vetor | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
sazcart version 1.5
Description:
The issue allows remote attackers to execute arbitrary PHP code. This is achieved via the
saz[settings][shippingfolder] and saz[settings][taxfolder] parameters in the admin/controls/cart.php file.Recommendations:
For sazcart version 1.5, as a temporary workaround, consider restricting access to the admin/controls/cart.php file until a patch is available. Avoid using the
saz[settings][shippingfolder] and saz[settings][taxfolder] parameters in the affected file until the issue is resolved.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Sazcart