PT-2008-6224 · Pro Chat Rooms · Pro Chat Rooms

~!Dok_Tor!~

Publicado

2008-11-14

Atualizado

2017-09-29

CVE-2008-5070

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Pro Chat Rooms version 3.0.3

Description The issue allows remote attackers to execute arbitrary SQL commands when the magic quotes gpc setting is disabled. This can be achieved by manipulating the gud parameter in specific API endpoints, such as profiles/index.php and profiles/admin.php.

Recommendations For Pro Chat Rooms version 3.0.3, consider disabling the gud parameter in the affected API endpoints until a patch is available. Additionally, enabling the magic quotes gpc setting can help mitigate this issue. Restrict access to the profiles/index.php and profiles/admin.php endpoints to minimize the risk of exploitation.

Exploit

Correção

RCE

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2008-5070

Produtos afetados

Pro Chat Rooms

PT-2008-6224 · Pro Chat Rooms · Pro Chat Rooms

CVE-2008-5070

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6