PT-2007-1252 · Deskpro · Deskpro

Published: 2007-02-07 · Updated: 2008-09-05 · CVE-2006-6973

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

DeskPRO (affected versions not specified)

Description

The issue allows remote attackers to access certain files and directories associated with administrative activities without requiring authentication. This enables attackers to reinstall the application, delete the database, or access the administration system. Specifically, attackers can reinstall the application via a direct request for install/index.php, delete the database via a do=delete database query string to a renamed copy of install/index.php, or access the administration system by guessing a filename and making a direct request for a file in the admin/ or tech/ directories.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related identifiers

CVE-2006-6973

Affected products

Deskpro