PT-2014-6387 · Pro Chat Rooms · Pro Chat Rooms Text Chat Rooms

Publicado

2014-10-20

Atualizado

2017-09-08

CVE-2014-5275

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Pro Chat Rooms Text Chat Rooms version 8.2.0

Description The issue concerns SQL injection vulnerabilities in the includes/functions.php file. Remote authenticated users can execute arbitrary SQL commands by manipulating the password, email, or id parameters.

Recommendations For Pro Chat Rooms Text Chat Rooms version 8.2.0, consider restricting access to the includes/functions.php file until a patch is available. As a temporary workaround, avoid using the password, email, or id parameters in the affected functions until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2014-5275

Produtos afetados

Pro Chat Rooms Text Chat Rooms

PT-2014-6387 · Pro Chat Rooms · Pro Chat Rooms Text Chat Rooms

CVE-2014-5275

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7