PT-2007-1272 · Neuron · Neuron Blog

Published: 2007-02-12 · Updated: 2011-03-08 · CVE-2006-6993

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Neuron Blog version 1.1

Description

The issue allows remote attackers to inject arbitrary SQL commands via the commentname, commentmail, commentwebsite, and comment parameters in the pages/addcomment2.php file.

Recommendations

For Neuron Blog version 1.1, as a temporary workaround, consider restricting access to the pages/addcomment2.php file until a patch is available. Avoid using the parameters commentname, commentmail, commentwebsite, and comment in the affected page until the issue is resolved.


Related identifiers

CVE-2006-6993

Affected products

Neuron Blog