PT-2005-2755 · Phpstat · Phpstat

Published

2005-05-27

Updated

2016-11-25

CVE-2005-1787

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phpStat version 1.5

Description The issue allows remote attackers to bypass authentication and gain administrator privileges. This is achieved by setting the check variable in the setup.php file.

Recommendations For phpStat version 1.5, consider restricting access to the setup.php file until a patch is available. As a temporary workaround, avoid using the setup.php file or restrict the ability to set the check variable to prevent exploitation.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2005-1787

Affected Products

Phpstat

PT-2005-2755 · Phpstat · Phpstat

CVE-2005-1787

Weakness Enumeration

Related Identifiers

Affected Products

References · 9