PT-2006-1824 · Birthsys · Birthsys
Aliaksandr Hartsuyeu
·
Published
2006-02-19
·
Updated
2017-07-20
·
CVE-2006-0775
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
BirthSys version 3.1
Description
The issue concerns SQL injection vulnerabilities in the show.php file. Remote attackers can execute arbitrary SQL commands via the
$month variable.Recommendations
For BirthSys version 3.1, consider restricting access to the show.php file or the
$month variable to minimize the risk of exploitation. As a temporary workaround, avoid using the $month variable in the show.php file until a patch is available.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Birthsys