PT-2006-6547 · Munch · Munch Pro

Ajann

Published

2006-11-14

Updated

2017-10-19

CVE-2006-5880

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Munch Pro version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the catid parameter in the switch.asp page, specifically on the subMenu page.

Recommendations For Munch Pro version 1.0, consider restricting access to the switch.asp page or the subMenu page to minimize the risk of exploitation. As a temporary workaround, avoid using the catid parameter in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5880

Affected Products

Munch Pro

PT-2006-6547 · Munch · Munch Pro

CVE-2006-5880

Related Identifiers

Affected Products

References · 6