PT-2005-3186 · Phpslash · Phpslash

Crashfr +1 · Published 2005-07-13 · Updated 2016-10-18 · CVE-2005-2257

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: PhpSlash version 0.8.0
Description: The issue allows remote attackers to modify arbitrary profiles and gain privileges. This is achieved by modifying the author id parameter in the saveProfile function.
Recommendations: For PhpSlash version 0.8.0, consider restricting access to the saveProfile function until a patch is available, and avoid using the author id parameter in this function to minimize the risk of exploitation.

Related Identifiers: CVE-2005-2257
Affected Products: Phpslash