PT-2007-4876 · Asteridex · Asteridex

Carl Livitt

Publicado

2007-07-09

Atualizado

2018-10-15

CVE-2007-3621

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions AsteriDex versions 3.0 and earlier

Description The issue allows remote attackers to inject arbitrary shell commands via the IN and OUT parameters in the callboth.php file.

Recommendations For AsteriDex versions 3.0 and earlier, consider restricting access to the callboth.php file until a patch is available. As a temporary workaround, avoid using the IN and OUT parameters in the affected file to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-3621

Produtos afetados

Asteridex

PT-2007-4876 · Asteridex · Asteridex

CVE-2007-3621

Identificadores relacionados

Produtos afetados

Referências · 11