PT-2007-5363 · Unknown · Al-Caricatier

Published

2007-08-07

Updated

2018-10-15

CVE-2007-4167

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions AL-Caricatier version 2.5

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the CatName parameter in the cat viewed.php file.

Recommendations For AL-Caricatier version 2.5, consider restricting access to the cat viewed.php file or validating and sanitizing the CatName parameter to prevent remote file inclusion attacks. As a temporary workaround, avoid using the CatName parameter in the affected file until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4167

Affected Products

Al-Caricatier

PT-2007-5363 · Unknown · Al-Caricatier

CVE-2007-4167

Related Identifiers

Affected Products

References · 5