PT-2007-4673 · B1G · B1G B1Gbb
Rf7Awy
·
Publicado
2007-06-26
·
Atualizado
2017-10-11
·
CVE-2007-3401
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
B1G b1gBB version 2.24
Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the
tfooter parameter in the footer.inc.php file.Recommendations
For B1G b1gBB version 2.24, consider restricting access to the
footer.inc.php file or validating the tfooter parameter to prevent remote file inclusion attacks. As a temporary workaround, avoid using the tfooter parameter in the affected file until a patch is available.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
B1G B1Gbb