PT-2006-6585 · Php · Rapidkill

Published: 2006-11-15
Updated: 2018-10-17

CVE-2006-5918

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: RapidKill (aka PHP Rapid Kill) versions 5.7 Pro and certain other versions

Description: The issue allows remote attackers to upload and execute arbitrary PHP scripts via the Link to Download field. It is possible that the field value is restricted to files on specific public web sites.

Recommendations: For RapidKill (aka PHP Rapid Kill) versions 5.7 Pro and certain other versions, restrict access to the Link to Download field to prevent uploading and executing arbitrary PHP scripts until a fix is available. Consider implementing validation and sanitization for the Link to Download field to minimize the risk of exploitation.

Related Identifiers

CVE-2006-5918

Affected Products

Rapidkill