PT-2006-2931 · Nicplex · Plexum

Published

2006-04-20

Updated

2017-07-20

CVE-2006-1947

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions NicPlex Plexum versions X5 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the pagesize, maxrec, and startpos parameters.

Recommendations For versions X5 and earlier, consider restricting access to the vulnerable parameters pagesize, maxrec, and startpos to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1947

Affected Products

Plexum

PT-2006-2931 · Nicplex · Plexum

CVE-2006-1947

Related Identifiers

Affected Products

References · 7