PT-2009-2474 · Minb · Minb

Ircrash

Published

2009-08-19

Updated

2018-10-11

CVE-2008-7005

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions minb version 0.1.0

Description The issue allows remote attackers to execute arbitrary PHP code via the quotes to edit parameter in the include/modules/top/1-random quote.php file. This could potentially lead to unrestricted file upload as a consequence of code execution.

Recommendations For minb version 0.1.0, avoid using the quotes to edit parameter in the affected file until a fix is available. As a temporary workaround, consider restricting access to the include/modules/top/1-random quote.php file to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2008-7005

Affected Products

Minb

PT-2009-2474 · Minb · Minb

CVE-2008-7005

Weakness Enumeration

Related Identifiers

Affected Products

References · 6