M. Hasran Addahroni

#11955of 53,632
22.9Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2009-1724
6.8
2009-02-23
Comdev · Comdev Web Blogger · CVE-2008-6250
Name of the Vulnerable Software and Affected Versions: Comdev Web Blogger versions 4.1.3 and earlier Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `arcmonth` parameter to a blog page. Recommendations: For Comdev Web Blogger versions 4.1.3 and earlier, update to a version later than 4.1.3 to resolve the issue.
PT-2008-3703
6.8
2008-05-14
Kmita · Kmita Tellfriend · CVE-2008-2198
Name of the Vulnerable Software and Affected Versions: Kmita Tellfriend versions 2.0 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `file` parameter when `register globals` is enabled. This is due to a PHP remote file inclusion vulnerability in `htmlcode.php`. Recommendations: For Kmita Tellfriend versions 2.0 and earlier, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the `htmlcode.php` file to minimize the risk of arbitrary PHP code execution. Avoid using the `file` parameter in affected URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2007-3009
9.3
2007-03-23
Studiewijzer · Study Planner · CVE-2007-1628
**Name of the Vulnerable Software and Affected Versions** Study planner (Studiewijzer) versions 0.15 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `SPL CFG[dirroot]` parameter to various PHP files, including service.alert.inc.php, settings.ses.php, db/mysql/db.inc.php, integration/shortstat/configuration.php, ali.class.php, cat.class.php, cat browse.inc.php, chr browse.inc.php, chr display.inc.php, dash browse.inc.php, spl.webservice.php, and konfabulator/gateway admin.php. This can occur when register globals is enabled. **Recommendations** For Study planner (Studiewijzer) versions 0.15 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable files, such as service.alert.inc.php, settings.ses.php, and others, until a patch is available. Avoid using the `SPL CFG[dirroot]` parameter in URLs to minimize the risk of exploitation.