PT-2006-1983 · Shoutlive · Shoutlive

Aliaksandr Hartsuyeu

Published

2006-03-01

Updated

2018-10-18

CVE-2006-0940

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ShoutLIVE version 1.1.0

Description The issue concerns direct static code injection vulnerabilities in the savesettings.php file. Remote attackers can execute arbitrary PHP code via variables written to settings.php.

Recommendations For ShoutLIVE version 1.1.0, consider restricting access to the savesettings.php file and settings.php to minimize the risk of exploitation until a patch is available. Avoid using variables that can be manipulated by remote attackers in the savesettings.php file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0940

Affected Products

Shoutlive

PT-2006-1983 · Shoutlive · Shoutlive

CVE-2006-0940

Related Identifiers

Affected Products

References · 10