PT-2006-6195 · Castor · Castor Php Web Builder

Kw3[R]Ln

Published

2006-10-24

Updated

2017-10-19

CVE-2006-5480

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Castor PHP Web Builder version 1.1.1

Description The issue allows remote attackers to execute arbitrary PHP code via the rootpath parameter in the lib/rs.php file.

Recommendations For Castor PHP Web Builder version 1.1.1, consider restricting access to the lib/rs.php file or avoiding the use of the rootpath parameter until a fix is available.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2006-5480

Affected Products

Castor Php Web Builder

PT-2006-6195 · Castor · Castor Php Web Builder

CVE-2006-5480

Weakness Enumeration

Related Identifiers

Affected Products

References · 6