PT-2014-8446 · Voice Of Web · Voice Of Web Allmyguests

Publicado

2014-10-15

Atualizado

2014-10-22

CVE-2014-8294

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Voice Of Web AllMyGuests version 0.4.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the allmyphp cookie cookie to admin.php, or through the Username or Password fields.

Recommendations For version 0.4.1, consider restricting access to the admin.php endpoint and avoid using the allmyphp cookie cookie until a fix is available. As a temporary workaround, restrict the use of the Username and Password fields in the affected endpoint to minimize the risk of exploitation.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2014-8294

Produtos afetados

Voice Of Web Allmyguests

PT-2014-8446 · Voice Of Web · Voice Of Web Allmyguests

CVE-2014-8294

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2