PT-2006-6131 · Php · Php Outburst Easynews
Nuffsaid · Published 2006-10-20 · Updated 2017-10-19 · CVE-2006-5412
CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PHP Outburst Easynews versions 4.4.1 and earlier
Description
The issue allows remote attackers to bypass authentication and gain the ability to execute arbitrary code when the register_globals setting is enabled. This is achieved via the en_login_id parameter.
Recommendations
For PHP Outburst Easynews versions 4.4.1 and earlier, disable the register_globals setting to prevent exploitation. Additionally, consider restricting access to the admin.php file until a fix is available. As a temporary workaround, avoid using the en_login_id parameter in the affected admin.php file.
Related Identifiers
Affected Products
Php Outburst Easynews