PT-2006-7172 · Genesistrader · Genesistrader

Mr_Kaliman

Published

2006-12-15

Updated

2018-10-17

CVE-2006-6570

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions GenesisTrader version 1.0

Description The issue concerns an unrestricted file upload vulnerability. This vulnerability allows remote authenticated users to upload arbitrary files. The vulnerability possibly involves form.php and the ajoutfich action with the foap parameter.

Recommendations For GenesisTrader version 1.0, consider restricting access to the upload.php file and the ajoutfich action in form.php to prevent arbitrary file uploads until a fix is available. As a temporary workaround, restrict the use of the foap action to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6570

Affected Products

Genesistrader

PT-2006-7172 · Genesistrader · Genesistrader

CVE-2006-6570

Related Identifiers

Affected Products

References · 5