PT-2005-3462 · Funkboard · Funkboard

Retrogod

Published

2005-08-16

Updated

2016-10-18

CVE-2005-2571

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions FunkBoard versions 0.66CF and earlier

Description The issue allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php due to improper access restriction to the "admin/mysql install.php" and "admin/pg install.php" API endpoints.

Recommendations For FunkBoard versions 0.66CF and earlier, restrict access to the admin/mysql install.php and admin/pg install.php scripts to prevent unauthorized access and potential code injection.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2571

Affected Products

Funkboard

PT-2005-3462 · Funkboard · Funkboard

CVE-2005-2571

Related Identifiers

Affected Products

References · 4