PT-2004-2852 · Phprofession · Phprofession

Janek Vind

Published

2004-12-31

Updated

2017-07-11

CVE-2004-1955

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phProfession version 2.5

Description The issue allows remote attackers to execute arbitrary SQL code. This is achieved via the offset parameter in the modules.php file.

Recommendations For phProfession version 2.5, consider restricting access to the vulnerable modules.php file until a patch is available. Avoid using the offset parameter in the affected module until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1955

Affected Products

Phprofession

PT-2004-2852 · Phprofession · Phprofession

CVE-2004-1955

Related Identifiers

Affected Products

References · 8