PT-2006-7382 · Unknown · Logahead Unu
Corryl
·
Publicado
2006-12-28
·
Atualizado
2018-10-17
·
CVE-2006-6783
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
logahead UNU version 1.0 before 20061226
Description:
The issue allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/ widged.php, possibly because of an authentication bypass.
Recommendations:
For logahead UNU version 1.0 before 20061226, consider restricting access to the plugins/widged/ widged.php file until a fix is available. As a temporary workaround, review and strengthen authentication mechanisms to prevent bypass.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Logahead Unu