PT-2005-5145 · Tolva · Tolva Php Website System

Beford

Published

2005-12-21

Updated

2018-10-19

CVE-2005-4462

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Tolva PHP website system version 0.1.0

Description The issue allows remote attackers to execute arbitrary code via a URL in the ROOT parameter in the usermods.php file. This enables attackers to potentially gain control over the system.

Recommendations For Tolva PHP website system version 0.1.0, consider restricting access to the usermods.php file and avoid using the ROOT parameter in URLs until a patch is available. As a temporary workaround, restrict the use of the ROOT parameter to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4462

Affected Products

Tolva Php Website System

PT-2005-5145 · Tolva · Tolva Php Website System

CVE-2005-4462

Related Identifiers

Affected Products

References · 5