PT-2007-1686 · @Lex · @Lex Guestbook

Darkfig

Publicado

2007-01-11

Atualizado

2018-10-16

CVE-2007-0202

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions @lex Guestbook versions 4.0.2 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possible when the magic quotes gpc setting is disabled. The lang parameter is used for the exploitation.

Recommendations For @lex Guestbook versions 4.0.2 and earlier, consider disabling the lang parameter in the index.php file until a patch is available. Additionally, enabling magic quotes gpc can help mitigate the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-0202

Produtos afetados

@Lex Guestbook

PT-2007-1686 · @Lex · @Lex Guestbook

CVE-2007-0202

Identificadores relacionados

Produtos afetados

Referências · 10