PT-2008-6706 · Myiosoft · Myiosoft Ajaxportal

Zorlu

Published

2008-12-17

Updated

2017-10-19

CVE-2008-5653

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MyioSoft AjaxPortal version 3.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through the rsargs parameter, which is accessible via the username parameter in the "ajaxp.php" file, specifically in the loginADP function.

Recommendations For MyioSoft AjaxPortal version 3.0, consider restricting access to the loginADP function in "ajaxp.php" to minimize the risk of exploitation. Avoid using the rsargs parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-5653

Affected Products

Myiosoft Ajaxportal

PT-2008-6706 · Myiosoft · Myiosoft Ajaxportal

CVE-2008-5653

Weakness Enumeration

Related Identifiers

Affected Products

References · 5