PT-2006-5344 · Chxo · Chxo Feedsplitter

Published

2006-09-06

Updated

2018-10-17

CVE-2006-4551

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CHXO Feedsplitter version 2006-01-21

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via the file specified as the value of the format parameter, and possibly the RSS feed.

Recommendations For CHXO Feedsplitter version 2006-01-21, consider restricting access to the format parameter to minimize the risk of exploitation. Avoid using untrusted input for the RSS feed until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4551

Affected Products

Chxo Feedsplitter

PT-2006-5344 · Chxo · Chxo Feedsplitter

CVE-2006-4551

Related Identifiers

Affected Products

References · 4