PT-2007-3631 · Garennes · Garennes

Gold_M

Published

2007-04-26

Updated

2017-10-11

CVE-2007-2298

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Garennes versions 0.6.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the repertoire config parameter to index.php in various directories, including (1) cpe/, (2) direction/, or (3) professeurs/.

Recommendations For Garennes versions 0.6.1 and earlier, consider restricting access to the repertoire config parameter in the affected API endpoints, such as "index.php" in the cpe/, direction/, and professeurs/ directories, until a fix is available. Avoid using the repertoire config parameter in these endpoints to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2298

Affected Products

Garennes

PT-2007-3631 · Garennes · Garennes

CVE-2007-2298

Related Identifiers

Affected Products

References · 5