PT-2008-4317 · Awt Yekta · Academic Web Tools

Published

2008-06-26

Updated

2018-10-11

CVE-2008-2878

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Academic Web Tools (AWT YEKTA) versions 1.4.3.1, 1.4.2.8 and earlier

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter. This can be exploited by providing a malicious URL in the file parameter.

Recommendations For versions 1.4.3.1, 1.4.2.8 and earlier, consider restricting access to the rss getfile.php file until a fix is available. As a temporary workaround, avoid using the file parameter in the rss getfile.php file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2008-2878

Affected Products

Academic Web Tools

PT-2008-4317 · Awt Yekta · Academic Web Tools

CVE-2008-2878

Related Identifiers

Affected Products

References · 8