PT-2008-6224 · Pro Chat Rooms · Pro Chat Rooms

~!Dok_Tor!~

Published

2008-11-14

Updated

2017-09-29

CVE-2008-5070

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Pro Chat Rooms version 3.0.3

Description The issue allows remote attackers to execute arbitrary SQL commands when the magic quotes gpc setting is disabled. This can be achieved by manipulating the gud parameter in specific API endpoints, such as profiles/index.php and profiles/admin.php.

Recommendations For Pro Chat Rooms version 3.0.3, consider disabling the gud parameter in the affected API endpoints until a patch is available. Additionally, enabling the magic quotes gpc setting can help mitigate this issue. Restrict access to the profiles/index.php and profiles/admin.php endpoints to minimize the risk of exploitation.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-5070

Affected Products

Pro Chat Rooms

PT-2008-6224 · Pro Chat Rooms · Pro Chat Rooms

CVE-2008-5070

Weakness Enumeration

Related Identifiers

Affected Products

References · 6