PT-2007-5359 · Indexscript · Indexscript

Published: 2007-08-03 · Updated: 2008-11-15 · CVE-2007-4163

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

IndexScript versions 2.7 and 2.8 before 20070726

Description

The issue allows remote attackers to execute arbitrary SQL commands via the cat id, start id, row[parent id], and row[cat id] parameters. This is related to the use of these parameters within the include/utils.php component.

Recommendations

For IndexScript versions 2.7 and 2.8 before 20070726, consider restricting access to the parameters cat id, start id, row[parent id], and row[cat id] in the affected components until a fix is available. As a temporary workaround, avoid using these parameters in the include/utils.php file to minimize the risk of exploitation.

Related Identifiers

CVE-2007-4163

Affected Products

Indexscript