PT-2005-3254 · Laffer · Laffer

Diman

Published

2005-07-20

Updated

2008-09-05

CVE-2005-2328

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Laffer versions 0.3.2.6 through 0.3.2.7

Description The issue allows remote attackers to execute arbitrary PHP code via the CFG PATH variable. This is a result of a PHP remote file inclusion vulnerability in the im.php file.

Recommendations For versions 0.3.2.6 and 0.3.2.7, consider restricting access to the CFG PATH variable to minimize the risk of exploitation. As a temporary workaround, avoid using the CFG PATH variable in the im.php file until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2328

Affected Products

Laffer

PT-2005-3254 · Laffer · Laffer

CVE-2005-2328

Related Identifiers

Affected Products

References · 4