PT-2005-5306 · Eazycms · Eazycms

Published

2005-12-31

Updated

2008-09-20

CVE-2005-4641

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions eazyCMS version 2.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the page id parameter in the "home.php" file.

Recommendations For eazyCMS version 2.0, consider restricting access to the page id parameter in the home.php file until a patch is available. As a temporary workaround, avoid using the page id parameter in the affected endpoint.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4641

Affected Products

Eazycms

PT-2005-5306 · Eazycms · Eazycms

CVE-2005-4641

Related Identifiers

Affected Products

References · 4