PT-2006-3894 · Dominios Europa · Dominios Europa Picrate

Published

2006-06-13

Updated

2017-07-20

CVE-2006-2987

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Dominios Europa PICRATE (aka TAL RateMyPic) version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters to specific API endpoints, including id, voteid, and vfiel parameters to "index.php", and nick, email, city, messen, and message form field parameters to "add.php".

Recommendations For Dominios Europa PICRATE (aka TAL RateMyPic) version 1.0, consider restricting access to the "index.php" and "add.php" endpoints until a patch is available. As a temporary workaround, avoid using the id, voteid, vfiel, nick, email, city, messen, and message parameters in the affected API endpoints.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2987

Affected Products

Dominios Europa Picrate

PT-2006-3894 · Dominios Europa · Dominios Europa Picrate

CVE-2006-2987

Related Identifiers

Affected Products

References · 4