PT-2007-5365 · Al-Athkar · Al-Athkar

Published

2007-08-07

Updated

2018-10-15

CVE-2007-4170

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions AL-Athkar version 2.0

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the include parameter to "Main.php" and "get.php" and the exec parameter to "count.php".

Recommendations For AL-Athkar version 2.0, consider disabling the include parameter in "Main.php" and "get.php" and the exec parameter in "count.php" as a temporary workaround until a patch is available. Restrict access to these parameters to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4170

Affected Products

Al-Athkar

PT-2007-5365 · Al-Athkar · Al-Athkar

CVE-2007-4170

Related Identifiers

Affected Products

References · 4