PT-2007-6747 · Teatro · Teatro

Alkomandoz Hacker

Published

2007-11-01

Updated

2018-10-15

CVE-2007-5780

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions teatro version 1.6

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter in the pub/pub08 comments.php file.

Recommendations For teatro version 1.6, consider restricting access to the basePath parameter in the pub/pub08 comments.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the basePath parameter in the affected file until the issue is resolved.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2007-5780

Affected Products

Teatro

PT-2007-6747 · Teatro · Teatro

CVE-2007-5780

Weakness Enumeration

Related Identifiers

Affected Products

References · 6