PT-2007-2815 · Premod · Premod Subdog 2

Published

2007-03-13

Updated

2018-10-16

CVE-2007-1421

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Premod SubDog 2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter to specific PHP files, including functions kb.php, themen portal mitte.php, and logger engine.php in the includes/ directory.

Recommendations For Premod SubDog 2, consider restricting access to the phpbb root path parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the phpbb root path parameter in the "/includes/functions kb.php", "/includes/themen portal mitte.php", and "/includes/logger engine.php" API endpoints until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1421

Affected Products

Premod Subdog 2

PT-2007-2815 · Premod · Premod Subdog 2

CVE-2007-1421

Related Identifiers

Affected Products

References · 10