PT-2007-4698 · Phptraffica · Phptraffica
Laurent Gaffiã©
·
Published
2007-06-27
·
Updated
2018-10-16
·
CVE-2007-3427
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phpTrafficA versions 1.4.2 and earlier
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the
pageid parameter in a "stats" action.Recommendations
For phpTrafficA versions 1.4.2 and earlier, consider updating to a version later than 1.4.2 to resolve the issue. As a temporary workaround, restrict access to the
index.php file or avoid using the pageid parameter in the stats action until a patch is available.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phptraffica