PT-2006-1246 · Myphpim · Myphpim
Aliaksandr Hartsuyeu
·
Published
2006-01-11
·
Updated
2018-10-19
·
CVE-2006-0167
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
MyPhPim version 01.05
Description
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the
cal id parameter in "calendar.php3" and the password field on the login page.Recommendations
For MyPhPim version 01.05, consider restricting access to the calendar.php3 page and the login page to minimize the risk of exploitation. As a temporary workaround, avoid using the
cal id parameter in calendar.php3 and the password field on the login page until the issue is resolved.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Myphpim