PT-2006-1774 · Reamday Enterprises · Magic Downloads

Aliaksandr Hartsuyeu

Published

2006-02-16

Updated

2018-10-19

CVE-2006-0722

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Reamday Enterprises Magic Downloads version 1.1.3

Description The issue allows remote attackers to modify program behavior, potentially bypassing authentication controls, when register globals is enabled. This is achieved via modified variables, including action, passwd, admin password, new passwd, and confirm passwd, which are not initialized.

Recommendations For Reamday Enterprises Magic Downloads version 1.1.3, consider disabling the register globals setting to prevent exploitation. Additionally, initialize all variables, including action, passwd, admin password, new passwd, and confirm passwd, to prevent unauthorized modification of program behavior.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0722

Affected Products

Magic Downloads

PT-2006-1774 · Reamday Enterprises · Magic Downloads

CVE-2006-0722

Related Identifiers

Affected Products

References · 8