PT-2006-2542 · Ezaspsite · Ezaspsite
Nukedx · Published 2006-03-30 · Updated 2018-10-18 · CVE-2006-1541
CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
EzASPSite versions 2.0 RC3 and earlier
Description:
The issue allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter in Default.asp.
Recommendations:
For EzASPSite versions 2.0 RC3 and earlier, consider restricting access to the Default.asp page until a fix is available. As a temporary workaround, avoid using the Scheme parameter in the affected page to minimize the risk of exploitation.
Affected Products
Ezaspsite