PT-2009-1761 · Broadcast Machine · Broadcast Machine

Noge

Published

2009-02-25

Updated

2017-09-29

CVE-2008-6287

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Broadcast Machine version 0.1

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to various PHP files, including MySQLController.php, SQLController.php, SetupController.php, VideoController.php, and ViewController.php in the controllers/ directory.

Recommendations: For Broadcast Machine version 0.1, consider restricting access to the baseDir parameter in the affected PHP files to minimize the risk of exploitation. Avoid using the baseDir parameter in the API endpoints related to these files until the issue is resolved.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2008-6287

Affected Products

Broadcast Machine

PT-2009-1761 · Broadcast Machine · Broadcast Machine

CVE-2008-6287

Weakness Enumeration

Related Identifiers

Affected Products

References · 5