PT-2002-2929 · Wsc · Web Server Creator - Web Portal
Published
2002-12-31
·
Updated
2024-02-14
·
CVE-2002-2217
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Web Server Creator - Web Portal (WSC-WebPortal) version 0.1
Description:
The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the
l parameter to customize.php or the pg parameter to index.php.Recommendations:
For Web Server Creator - Web Portal (WSC-WebPortal) version 0.1, consider disabling access to the
customize.php and index.php scripts until a patch is available. As a temporary workaround, restrict the use of the l and pg parameters in these scripts to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Web Server Creator - Web Portal