PT-2006-6305 · Minihttp · Minihttp Web Forum & File Server Powerpack

Greg Linares

Published

2006-10-28

Updated

2017-10-19

CVE-2006-5597

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: MiniHTTP Web Forum & File Server PowerPack version 4.0

Description: The issue allows remote attackers to add or modify arbitrary user accounts. This is achieved by modifying the frmMailBox and frmUserPass parameters in the 'join.asp' file.

Recommendations: For MiniHTTP Web Forum & File Server PowerPack version 4.0, avoid using the join.asp file until a fix is available, and restrict access to the frmMailBox and frmUserPass parameters to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5597

Affected Products

Minihttp Web Forum & File Server Powerpack

PT-2006-6305 · Minihttp · Minihttp Web Forum & File Server Powerpack

CVE-2006-5597

Related Identifiers

Affected Products

References · 6