exploitDog

CVE-2006-6973

Опубликовано: 07 фев. 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/.

Ссылки

http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt
Exploit
Vendor Advisory
http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:headstart_solutions:deskpro:*:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.0074

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-p8p6-4mx2-p4q4

github

почти 4 года назад

Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/.

EPSS

Процентиль: 72%

0.0074

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other