PT-2006-5673 · Starnet · Site@School

Simo64

Published

2006-09-21

Updated

2016-10-18

CVE-2006-4921

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Site@School versions 2.4.03 and earlier

Description A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to "starnet/modules/include/include.php".

Recommendations For versions 2.4.03 and earlier, consider restricting access to the include.php file in the starnet/modules/include directory until a fix is available. Avoid using the cmsdir parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4921

Affected Products

Site@School

PT-2006-5673 · Starnet · Site@School

CVE-2006-4921

Related Identifiers

Affected Products

References · 7