PT-2007-4876 · Asteridex · Asteridex

Carl Livitt

Published

2007-07-09

Updated

2018-10-15

CVE-2007-3621

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions AsteriDex versions 3.0 and earlier

Description The issue allows remote attackers to inject arbitrary shell commands via the IN and OUT parameters in the callboth.php file.

Recommendations For AsteriDex versions 3.0 and earlier, consider restricting access to the callboth.php file until a patch is available. As a temporary workaround, avoid using the IN and OUT parameters in the affected file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3621

Affected Products

Asteridex

PT-2007-4876 · Asteridex · Asteridex

CVE-2007-3621

Related Identifiers

Affected Products

References · 11