PT-2007-3823 · Dvddb · Dvddb
Publicado
2007-05-04
·
Atualizado
2017-07-29
·
CVE-2007-2499
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
DVDdb versions 0.6 and earlier
Description
The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the
movieid parameter to "loan.php" or the s parameter to "listmovies.php".Recommendations
For DVDdb versions 0.6 and earlier, avoid using the
movieid parameter in the "loan.php" endpoint and the s parameter in the "listmovies.php" endpoint until a fix is available. Consider restricting access to these endpoints as a temporary mitigation measure.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Dvddb