Lucene search

VCardLITE-2.4.txt

🗓️ 13 Feb 2006 00:00:00Reported by disruptorType

packetstorm🔗 packetstormsecurity.com👁 20 Views

Vulnerability in VCard Lite v2.4 allows remote code executio

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`===========================================================  
  
Title: Vcard Lite Remote Vulnerabilitie  
Vulnerability discovery: Disruptor  
Date: 11/02/2006  
Severity: Remote Users Can Execute Arbitrary Code.  
Affected version: <= v2.4  
http://www.belchiorfoundry.com/  
=  
  
============================================================  
  
* Summary *  
  
VCardLITE is free PHP postcard software.  
  
-------------------------------------------------------------  
  
* Problem Description *  
  
Default installation dont remote install.php  
* Remote users can re-install script: install.php  
* And view login and password of mysql  
* Execute command or php code >).  
  
-------------------------------------------------------------  
  
* Fix *  
  
1-Remove install.php.  
  
----  
  
2-  
  
<?  
  
if(file_exists('install.php')) {  
die('remove install.php 0_O');  
}  
  
?>  
  
-------------------------------------------------------------  
  
Search: google =x \/ allinurl: /vcardlite24/ /vcardlite23/ /vcardlite22/ /vcardlite21/ /vcardlite20/  
  
* Credits *  
  
Vulnerability reported by Disruptor  
Contact [email protected]  
  
  
--   
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Feb 2006 00:00Current

7.4High risk

Vulners AI Score7.4