PT-2007-2703 · Webmobo · Webmobo Wb News

Publicado

2007-03-07

Atualizado

2018-10-16

CVE-2007-1288

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Webmobo WB News versions 1.4.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to API endpoints such as "comment.php", "themes.php", "directory.php", and "sendmsg.php" in the "admin/" directory.

Recommendations For Webmobo WB News versions 1.4.1 and earlier, consider restricting access to the admin/ directory and its API endpoints, specifically "comment.php", "themes.php", "directory.php", and "sendmsg.php", to minimize the risk of exploitation. Avoid using the config[installdir] parameter in these endpoints until the issue is resolved.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-1288

Produtos afetados

Webmobo Wb News

PT-2007-2703 · Webmobo · Webmobo Wb News

CVE-2007-1288

Identificadores relacionados

Produtos afetados

Referências · 8