PT-2005-1721 · Unknown · Tell A Friend Script

Arfis

Published

2005-03-07

Updated

2018-10-19

CVE-2005-0679

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Tell A Friend Script versions 2.4 through 2.7 before 20050305

Description The issue allows remote attackers to execute arbitrary PHP code by modifying the script root parameter to reference a URL on a remote web server that contains the code.

Recommendations For Tell A Friend Script versions 2.4 through 2.7 before 20050305, update to a version released after 20050305 to resolve the issue. As a temporary workaround, consider restricting access to the tell a friend.inc.php file to minimize the risk of exploitation. Avoid using the script root parameter in the affected script until the issue is resolved.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2005-0679

Affected Products

Tell A Friend Script

PT-2005-1721 · Unknown · Tell A Friend Script

CVE-2005-0679

Weakness Enumeration

Related Identifiers

Affected Products

References · 8