PT-2007-7269 · Bitweaver · Bitweaver

Doz

Published: 2007-12-17 · Updated: 2018-10-15 · CVE-2007-6412

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Bitweaver versions 2.0.0 and earlier

Description: A direct static code injection issue exists when comments are enabled, allowing remote attackers to inject arbitrary PHP code via an editcomments action.

Recommendations: For Bitweaver versions 2.0.0 and earlier, consider disabling the comments feature to prevent exploitation until a fix is available.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2007-6412

Affected Products

Bitweaver