PT-2007-2663 · Audins · Audins Audiens

Published

2007-03-03

Updated

2017-07-29

CVE-2007-1242

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Audins Audiens version 3.3

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the PHPSESSID cookie in the system/index.php file.

Recommendations For Audins Audiens version 3.3, update the system/index.php file to properly sanitize the PHPSESSID cookie to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the system/index.php file until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1242

Affected Products

Audins Audiens

PT-2007-2663 · Audins · Audins Audiens

CVE-2007-1242

Related Identifiers

Affected Products

References · 5