PT-2007-1542 · Geckovich · Geckovich Tasktracker Pro

Ajann

Published

2007-01-04

Updated

2017-10-19

CVE-2007-0049

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Geckovich TaskTracker Pro versions 1.5 and earlier

Description The issue allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to "Customize.asp".

Recommendations For Geckovich TaskTracker Pro versions 1.5 and earlier, consider restricting access to the Customize.asp endpoint until a fix is available. As a temporary workaround, limit the ability to add new accounts or modify existing ones to prevent potential exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0049

Affected Products

Geckovich Tasktracker Pro

PT-2007-1542 · Geckovich · Geckovich Tasktracker Pro

CVE-2007-0049

Related Identifiers

Affected Products

References · 6