PT-2006-3479 · Destiney · Destiney Rated Images Script

Luny

Published

2006-05-22

Updated

2018-10-18

CVE-2006-2532

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Destiney Rated Images Script version 0.5.0

Description The issue allows remote attackers to obtain the installation path via an invalid s parameter in the stats.php file, which displays the path in an error message. Initially, it was thought to be related to SQL injection, but analysis shows the problem is due to an invalid value that prevents some variables from being set.

Recommendations For Destiney Rated Images Script version 0.5.0, consider validating and sanitizing the s parameter in the stats.php file to prevent the disclosure of the installation path. As a temporary workaround, restrict access to the stats.php file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2532

Affected Products

Destiney Rated Images Script

PT-2006-3479 · Destiney · Destiney Rated Images Script

CVE-2006-2532

Related Identifiers

Affected Products

References · 4