PT-2006-7357 · Ixprim · Ixprim

Darkfig · Published 2006-12-27 · Updated 2018-10-17 · CVE-2006-6756

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Ixprim version 1.2
Description: Remote attackers can potentially gain access to the administration panel through a brute-force attack, because the confidential IXP CODE value in mainfile.php is guessable. This is caused by the code function in install.fct.php.
Recommendations: For Ixprim version 1.2, consider temporarily restricting access to the administration panel until a fix is available, and review the code function in install.fct.php to prevent generating guessable IXP CODE values.


Related Identifiers

CVE-2006-6756

Affected Products

Ixprim