PT-2007-4698 · Phptraffica · Phptraffica
Laurent Gaffiã©
·
Publicado
2007-06-27
·
Atualizado
2018-10-16
·
CVE-2007-3427
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phpTrafficA versions 1.4.2 and earlier
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the
pageid parameter in a "stats" action.Recommendations
For phpTrafficA versions 1.4.2 and earlier, consider updating to a version later than 1.4.2 to resolve the issue. As a temporary workaround, restrict access to the
index.php file or avoid using the pageid parameter in the stats action until a patch is available.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Phptraffica