PT-2010-2973 · Justvisual · Justvisual Cms
Eidelweiss
·
Publicado
2010-04-06
·
Atualizado
2017-08-17
·
CVE-2010-1268
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
justVisual CMS version 2.0
Description
A directory traversal issue exists in index.php, allowing remote attackers to include and execute arbitrary local files when magic quotes gpc is disabled. This is achieved by using directory traversal sequences in the
p parameter.Recommendations
For justVisual CMS version 2.0, consider disabling the use of the
p parameter in index.php or enabling magic quotes gpc to minimize the risk of exploitation. Additionally, restrict access to sensitive files and directories to prevent unauthorized inclusion and execution.Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Justvisual Cms