PT-2006-3154 · Ftrainsoft · Ftrainsoft Fast Click

R@1D3N

Published

2006-05-04

Updated

2018-10-18

CVE-2006-2175

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions FtrainSoft Fast Click versions 2.3.8 and earlier

Description A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) "show.php" or (2) "top.php" API endpoints.

Recommendations For FtrainSoft Fast Click versions 2.3.8 and earlier, consider disabling access to the show.php and top.php endpoints until a patch is available. Restrict the use of the path parameter in these endpoints to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2175

Affected Products

Ftrainsoft Fast Click

PT-2006-3154 · Ftrainsoft · Ftrainsoft Fast Click

CVE-2006-2175

Related Identifiers

Affected Products

References · 11