PT-2006-3766 · Aspweblinks · Aspweblinks

Ajann

Published

2006-06-06

Updated

2018-10-18

CVE-2006-2848

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions aspWebLinks version 2.0

Description The issue allows remote attackers to change the administrative password. This can be achieved possibly via a direct request with a modified txtAdministrativePassword field to the "links.asp" endpoint.

Recommendations For aspWebLinks version 2.0, consider restricting access to the "links.asp" endpoint until a fix is available. As a temporary workaround, avoid using the txtAdministrativePassword field in requests to this endpoint to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2848

Affected Products

Aspweblinks

PT-2006-3766 · Aspweblinks · Aspweblinks

CVE-2006-2848

Related Identifiers

Affected Products

References · 4