PT-2006-5499 · Ccleague · Ccleague Pro Sports Cms

Kacper

Published

2006-09-12

Updated

2018-10-17

CVE-2006-4721

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CCleague Pro Sports CMS version 1.0.1 RC1

Description A directory traversal issue exists, allowing remote attackers to read and execute arbitrary local files. This is achieved by using a .. (dot dot) sequence and a trailing null (%00) byte in the language Cookie parameter. For example, an attacker could execute PHP code via a log file.

Recommendations For CCleague Pro Sports CMS version 1.0.1 RC1, consider restricting access to the admin.php file and the language Cookie parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the language Cookie parameter with untrusted input until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4721

Affected Products

Ccleague Pro Sports Cms

PT-2006-5499 · Ccleague · Ccleague Pro Sports Cms

CVE-2006-4721

Related Identifiers

Affected Products

References · 8