PT-2007-1207 · Rialto · Rialto

Benjamin Moss +1 · Published 2007-01-13 · Updated 2018-10-16 · CVE-2006-6927

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Rialto version 1.6
Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various parameters in different API endpoints, including:
  • the uname (username) and pword (passwd) fields in "admin/default.asp";
  • the ID parameter to "listfull.asp" or "printmain.asp";
  • the cat parameter to "listmain.asp", "searchoption.asp", or "searchmain.asp";
  • the Keyword parameter to "searchkey.asp";
  • the area parameter to "searchmain.asp" or "searchoption.asp";
  • the searchin parameter to "searchkey.asp";
  • the cost1, cost2, acreage1, or squarefeet1 parameters to "searchoption.asp".
Recommendations: For Rialto version 1.6, consider disabling the SQL execution functionality until a patch is available. Restrict access to the mentioned API endpoints to minimize the risk of exploitation. Avoid using the specified parameters in the affected endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related identifiers

CVE-2006-6927

Affected products

Rialto