PT-2005-3663 · Unknown · Autolinks Pro

4Degrees

Published

2005-09-02

Updated

2017-07-11

CVE-2005-2782

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions AutoLinks Pro version 2.1

Description The issue allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter. This is possible because the blacklist only checks for "http" and "https" URLs, allowing other types of URLs to bypass the check.

Recommendations For AutoLinks Pro version 2.1, consider restricting access to the al initialize.php file or the alpath parameter to minimize the risk of exploitation until a proper fix is available. Avoid using the alpath parameter with untrusted input.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2782

Affected Products

Autolinks Pro

PT-2005-3663 · Unknown · Autolinks Pro

CVE-2005-2782

Related Identifiers

Affected Products

References · 6