PT-2008-2439 · Php · Php Live!

Xar

·

Publicado

2008-02-19

·

Atualizado

2017-09-29

·

CVE-2008-0821

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions PHP Live! version 3.2.2
Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the questid parameter in an "expand question" action within the admin/traffic/knowledge searchm.php file.
Recommendations For PHP Live! version 3.2.2, avoid using the questid parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the admin/traffic/knowledge searchm.php file to minimize the risk of exploitation.

Exploit

Correção

RCE

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2008-0821

Produtos afetados

Php Live!