PT-2007-2708 · Rigter · Rigter Portal System

S0Cratex

Published

2007-03-07

Updated

2018-10-16

CVE-2007-1293

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Rigter Portal System (RPS) version 6.2

Description The issue allows remote attackers to execute arbitrary SQL commands, possibly related to ver descarga.php, when the magic quotes gpc setting is disabled. This can be achieved via the categoria parameter to the "index.php" endpoint.

Recommendations For RPS version 6.2, consider disabling the use of the categoria parameter in the "index.php" endpoint until a fix is available, or enable the magic quotes gpc setting to prevent SQL injection attacks.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1293

Affected Products

Rigter Portal System

PT-2007-2708 · Rigter · Rigter Portal System

CVE-2007-1293

Related Identifiers

Affected Products

References · 8