PT-2007-6164 · Clansphere · Clansphere
Published
2007-09-24
·
Updated
2017-09-29
·
CVE-2007-5061
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Clansphere version 2007.4
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the
cat id parameter in the /index.php endpoint, specifically in a banners action.Recommendations
For Clansphere version 2007.4, consider restricting access to the
navlist.php file in the mods/banners directory until a patch is available. As a temporary workaround, avoid using the cat id parameter in the /index.php endpoint for banners actions to minimize the risk of exploitation.Exploit
Fix
RCE
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Clansphere