PT-2007-1285 · Robin De Graff · Robin De Graff Somery
Spc-X
Published 2007-02-12 · Updated 2024-08-07 · CVE-2006-7006
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Robin de Graff Somery version 0.4.4
Description
A remote file inclusion issue in upload/admin/team.php allows remote attackers to potentially execute arbitrary PHP code via a URL in the checkauth parameter. However, it's noted that the checkauth parameter is only used in conditionals, which might affect the exploitability of this issue.
Recommendations
For version 0.4.4, consider restricting access to the upload/admin/team.php file until a patch is available, and avoid using the checkauth parameter in this context to minimize potential risks.
Affected Products
Robin De Graff Somery