PT-2006-4390 · Ajaxportal · Ajaxportal
Trueend5
·
Published
2006-07-11
·
Updated
2018-10-18
·
CVE-2006-3515
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
AjaxPortal version 3.0
Description
The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is achieved via the
username or password parameters in the loginADP function in ajaxp.php.Recommendations
For AjaxPortal version 3.0, consider restricting access to the loginADP function in ajaxp.php until a patch is available. As a temporary workaround, avoid using the
username and password parameters in the affected API endpoint until the issue is resolved.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ajaxportal