PT-2006-2943 · Actual · Actualscripts Server+2

Aesthetico

Published

2006-04-21

Updated

2018-10-18

CVE-2006-1959

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ActualAnalyzer Lite versions 2.72 and earlier ActualScripts Gold versions 7.63 and earlier ActualScripts Server versions 8.23 and earlier

Description The issue allows remote attackers to execute arbitrary code via a URL in the rf parameter. This is a result of a remote file inclusion vulnerability in the direct.php file.

Recommendations For ActualAnalyzer Lite versions 2.72 and earlier, update to a version later than 2.72. For ActualScripts Gold versions 7.63 and earlier, update to a version later than 7.63. For ActualScripts Server versions 8.23 and earlier, update to a version later than 8.23.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1959

Affected Products

Actualanalyzer Lite

Actualscripts Gold

Actualscripts Server

PT-2006-2943 · Actual · Actualscripts Server+2

CVE-2006-1959

Related Identifiers

Affected Products

References · 11