PT-2008-3427 · Carbon · Carbon Communities

Publicado

2008-04-21

Atualizado

2018-10-11

CVE-2008-1900

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Carbon Communities versions 2.4 and earlier

Description The issue allows remote attackers to edit arbitrary member information. This is achieved by modifying the ID field in the option Update.asp page.

Recommendations For Carbon Communities versions 2.4 and earlier, restrict access to the option Update.asp page to prevent unauthorized modifications to member information. Consider implementing input validation and sanitization for the ID field to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2008-1900

Produtos afetados

Carbon Communities

PT-2008-3427 · Carbon · Carbon Communities

CVE-2008-1900

Identificadores relacionados

Produtos afetados

Referências · 3