PT-2006-7003 · Plx · Plx Pay

Published

2006-12-08

Updated

2017-07-29

CVE-2006-6392

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions plx Pay versions 3.2 and earlier

Description The issue allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the read parameter of index.php. This could lead to the exposure of user credentials and other sensitive data.

Recommendations For plx Pay versions 3.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6392

Affected Products

Plx Pay

PT-2006-7003 · Plx · Plx Pay

CVE-2006-6392

Related Identifiers

Affected Products

References · 5