PT-2006-2216 · Daverave · Daverave Link Bank

Retard

Published

2006-03-14

Updated

2018-10-18

CVE-2006-1200

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions daverave Link Bank (affected versions not specified)

Description A direct static code injection issue exists due to the lack of sanitization of the url name parameter in the add link.txt file. This allows remote attackers to execute arbitrary PHP code, which is later stored in links.txt and used in an include statement.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1200

Affected Products

Daverave Link Bank

PT-2006-2216 · Daverave · Daverave Link Bank

CVE-2006-1200

Related Identifiers

Affected Products

References · 7