PT-2006-2556 · X-Changer · X-Changer

Published

2006-03-31

Updated

2018-10-18

CVE-2006-1557

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: X-Changer version 0.2

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the from and into parameters in a calculate action, and the id parameter in an edit action to "index.php".

Recommendations: For X-Changer version 0.2, as a temporary workaround, consider restricting access to the calculate and edit actions in index.php until a patch is available. Avoid using the from, into, and id parameters in the affected actions until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1557

Affected Products

X-Changer

PT-2006-2556 · X-Changer · X-Changer

CVE-2006-1557

Related Identifiers

Affected Products

References · 9