PT-2009-3909 · Cre Loaded · Cre Loaded

Player

Publicado

2009-04-24

Atualizado

2017-09-29

CVE-2009-1403

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CRE Loaded version 6.2

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the products id parameter in the "product info.php" file.

Recommendations For CRE Loaded version 6.2, consider restricting access to the product info.php file or validating and sanitizing the products id parameter to prevent SQL injection attacks. As a temporary workaround, avoid using the products id parameter in the affected file until a patch is available.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2009-1403

Produtos afetados

Cre Loaded

PT-2009-3909 · Cre Loaded · Cre Loaded

CVE-2009-1403

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4