PT-2006-3303 · Planet Concept · Planetstat
Alp_Eren
·
Published
2006-05-12
·
Updated
2018-10-18
·
CVE-2006-2338
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PlaNet Concept plaNetStat version 20050127
Description
The issue allows remote attackers to gain administrative privileges and view and configure log files by making a direct request to the "admin.php" or "settings.php" API endpoints.
Recommendations
For version 20050127, consider restricting access to the "admin.php" and "settings.php" API endpoints to prevent unauthorized administrative access until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Planetstat