PT-2008-6220 · Agares Media · Agares Media Themesitescript
Darklife
·
Publicado
2008-11-13
·
Atualizado
2017-09-29
·
CVE-2008-5066
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Agares Media ThemeSiteScript version 1.0
Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the
loadadminpage parameter in the upload/admin/frontpage right.php file.Recommendations
For Agares Media ThemeSiteScript version 1.0, consider restricting access to the upload/admin/frontpage right.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the
loadadminpage parameter in the affected file until the issue is resolved.Exploit
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Agares Media Themesitescript