PT-2008-5751 · Fastpublish · Fastpublish Cms

~!Dok_Tor!~

Published

2008-10-09

Updated

2017-09-29

CVE-2008-4518

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Fastpublish CMS version 1.9.9.9.9 d (1.9999 d)

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the sprache parameter to "index2.php" and the artikel parameter to "index.php".

Recommendations: For Fastpublish CMS version 1.9.9.9.9 d (1.9999 d), consider restricting access to the index2.php and index.php endpoints until a patch is available. As a temporary workaround, avoid using the sprache and artikel parameters in the affected API endpoints.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-4518

Affected Products

Fastpublish Cms

PT-2008-5751 · Fastpublish · Fastpublish Cms

CVE-2008-4518

Weakness Enumeration

Related Identifiers

Affected Products

References · 7