PT-2006-4085 · Hotplug · Hotplug Cms

Guest01

Published

2006-06-23

Updated

2016-10-18

CVE-2006-3190

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions HotPlug CMS version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is achieved via the username and password parameters in the administration/includes/login/auth.php file.

Recommendations For HotPlug CMS version 1.0, consider restricting access to the administration/includes/login/auth.php file until a patch is available, and avoid using the username and password parameters in this context to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3190

Affected Products

Hotplug Cms

PT-2006-4085 · Hotplug · Hotplug Cms

CVE-2006-3190

Related Identifiers

Affected Products

References · 4