PT-2012-2114 · Epractize · Epractize Labs Subscription Manager

Jan Van Niekerk

Publicado

2012-08-30

Atualizado

2017-08-29

CVE-2011-5136

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions EPractize Labs Subscription Manager version 1.0

Description The issue allows remote attackers to overwrite arbitrary files. This is achieved via the db parameter in the showImg.php file.

Recommendations For EPractize Labs Subscription Manager version 1.0, consider restricting access to the showImg.php file until a patch is available. As a temporary workaround, avoid using the db parameter in the affected file to minimize the risk of exploitation.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2011-5136

Produtos afetados

Epractize Labs Subscription Manager

PT-2012-2114 · Epractize · Epractize Labs Subscription Manager

CVE-2011-5136

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5