PT-2004-2481 · Aj · Aj-Fork
Y3Dips · Published 2004-12-31 · Updated 2017-07-11
CVE-2004-1573
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
AJ-Fork version 167
Description
The issue arises from the AJ-Fork documentation, which suggests setting the permissions of users.db.php to 777. Mode 777 makes the file readable, writable and executable by every account on the host, which allows local users to execute arbitrary PHP code, potentially leading to privilege escalation as the administrator.
Recommendations
For AJ-Fork version 167, change the permissions of users.db.php to a more restrictive setting to prevent local users from executing arbitrary PHP code.
Affected Products
Aj-Fork