PT-2007-5446 · Evolution · Evolution
K1Tk4T
·
Publicado
2007-08-08
·
Atualizado
2018-10-15
·
CVE-2007-4253
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Envolution versions 1.1.0 and earlier
Description
The issue allows remote attackers to execute arbitrary SQL commands via the
topic parameter in the News module in modules.php. This is a different vector than previously identified issues.Recommendations
For Envolution versions 1.1.0 and earlier, consider restricting access to the News module until a fix is available. As a temporary workaround, avoid using the
topic parameter in the affected module to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Evolution