PT-2007-5982 · Rw · Rw::Download

K1Tk4T

Published

2007-09-12

Updated

2017-09-29

CVE-2007-4845

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: RW::Download version 2.0.3 lite

Description: The issue concerns SQL injection vulnerabilities in the UPLOAD/index.php file. Remote attackers can execute arbitrary SQL commands by manipulating the dlid or cid parameters.

Recommendations: For RW::Download version 2.0.3 lite, avoid using the dlid and cid parameters in the UPLOAD/index.php file until a patch is available. As a temporary workaround, consider restricting access to the UPLOAD/index.php file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2007-4845

Affected Products

Rw::Download

PT-2007-5982 · Rw · Rw::Download

CVE-2007-4845

Weakness Enumeration

Related Identifiers

Affected Products

References · 4