PT-2006-4898 · Unknown · Me Download System

Published

2006-08-10

Updated

2011-03-08

CVE-2006-4054

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ME Download System version 1.3

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in specific parameters to certain PHP files, including inc/sett style.php, inc/sett smilies.php, and inc/datei.php. The vulnerable parameters are Vb8878b936c2bd8ae0cab, Vb6c4d0e18a204a63b38f, V18a78b93c3adaaae84e2, and V9ae5d2ca9e9e787969ff.

Recommendations For ME Download System version 1.3, consider disabling the inc/sett style.php, inc/sett smilies.php, and inc/datei.php files until a patch is available to prevent the execution of arbitrary PHP code. Avoid using the parameters Vb8878b936c2bd8ae0cab, Vb6c4d0e18a204a63b38f, V18a78b93c3adaaae84e2, and V9ae5d2ca9e9e787969ff in the affected API endpoints.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4054

Affected Products

Me Download System

PT-2006-4898 · Unknown · Me Download System

CVE-2006-4054

Related Identifiers

Affected Products

References · 6