PT-2017-3226 · Quickerbb · Quickerbb

Publicado

2017-04-28

·

Atualizado

2017-12-02

·

CVE-2017-1000169

CVSS v3.1

10

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions QuickerBB versions prior to 0.7.3
Description The issue is related to insufficient input validation in the config.php component of QuickerBB, which can be exploited by a remote attacker to execute arbitrary code. This can lead to the complete takeover of the server hosting QuickerBB.
Recommendations For QuickerBB versions prior to 0.7.3, update to version 0.7.3 or later to resolve the issue. At the moment, there is no information about other versions that contain a fix for this issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2017-02659
CVE-2017-1000169

Produtos afetados

Quickerbb