PT-2010-2822 · Advertisementmanager · Advertisementmanager

Published

2010-03-25

Updated

2017-08-17

CVE-2010-1106

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions AdvertisementManager version 3.1.0

Description A remote file inclusion issue in cgi/index.php allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. This can also be used to include and execute arbitrary local files using .. (dot dot) sequences.

Recommendations For AdvertisementManager version 3.1.0, consider restricting access to the cgi/index.php file and the req parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the req parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2010-1106

Affected Products

Advertisementmanager

PT-2010-2822 · Advertisementmanager · Advertisementmanager

CVE-2010-1106

Weakness Enumeration

Related Identifiers

Affected Products

References · 4