PT-2007-7382 · Pmos · Pmos Help Desk

Egix

Published

2007-12-28

Updated

2017-09-29

CVE-2007-6550

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PMOS Help Desk versions 2.4 and earlier

Description The issue allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter in the form.php file. This is possible because form.php sends a redirect to the web browser but does not exit.

Recommendations For PMOS Help Desk versions 2.4 and earlier, consider disabling the form.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the options array parameter in the form.php file to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2007-6550

Affected Products

Pmos Help Desk

PT-2007-7382 · Pmos · Pmos Help Desk

CVE-2007-6550

Weakness Enumeration

Related Identifiers

Affected Products

References · 7