PT-2007-1542 · Geckovich · Geckovich Tasktracker Pro

Ajann

Publicado

2007-01-04

Atualizado

2017-10-19

CVE-2007-0049

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Geckovich TaskTracker Pro versions 1.5 and earlier

Description The issue allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to "Customize.asp".

Recommendations For Geckovich TaskTracker Pro versions 1.5 and earlier, consider restricting access to the Customize.asp endpoint until a fix is available. As a temporary workaround, limit the ability to add new accounts or modify existing ones to prevent potential exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-0049

Produtos afetados

Geckovich Tasktracker Pro

PT-2007-1542 · Geckovich · Geckovich Tasktracker Pro

CVE-2007-0049

Identificadores relacionados

Produtos afetados

Referências · 6