PT-2007-4067 · Phpglossar · Phpglossar

Kezzap66345

Published

2007-05-17

Updated

2017-10-11

CVE-2007-2751

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHPGlossar version 0.8

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the format menue parameter to specific API endpoints, such as "admin/inc/change action.php" or "admin/inc/add.php".

Recommendations For PHPGlossar version 0.8, consider restricting access to the admin/inc/change action.php and admin/inc/add.php endpoints to minimize the risk of exploitation. Avoid using the format menue parameter in these endpoints until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2751

Affected Products

Phpglossar

PT-2007-4067 · Phpglossar · Phpglossar

CVE-2007-2751

Related Identifiers

Affected Products

References · 7