PT-2006-6222 · Unknown · Der Dirigent

Published

2006-10-25

Updated

2017-07-20

CVE-2006-5507

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Der Dirigent (DeDi) version 1.0.3

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the cfg dedi[dedi path] parameter in multiple PHP files, including 'find.php', 'insert line.php', 'fullscreen.php', 'changecase.php', 'insert link.php', 'insert table.php', 'table cellprop.php', 'table prop.php', 'table rowprop.php', 'insert page.php', and possibly 'insert marquee.php' in the 'backend/external/wysiswg/popups/' directory.

Recommendations For Der Dirigent (DeDi) version 1.0.3, consider restricting access to the vulnerable PHP files until a patch is available. As a temporary workaround, avoid using the cfg dedi[dedi path] parameter in the affected files.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2006-5507

Affected Products

Der Dirigent

PT-2006-6222 · Unknown · Der Dirigent

CVE-2006-5507

Weakness Enumeration

Related Identifiers

Affected Products

References · 16