Vulnerability Description
cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netref | Netref | 4.2 |
References
- http://marc.info/?l=bugtraq&m=111403947305600&w=2
- http://secunia.com/advisories/15040Vendor Advisory
- http://www.osvdb.org/15717
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20198
- http://marc.info/?l=bugtraq&m=111403947305600&w=2
- http://secunia.com/advisories/15040Vendor Advisory
- http://www.osvdb.org/15717
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20198
FAQ
What is CVE-2005-1222?
CVE-2005-1222 is a vulnerability with a CVSS score of 7.5 (HIGH). cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racin...
How severe is CVE-2005-1222?
CVE-2005-1222 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1222?
Check the references section above for vendor advisories and patch information. Affected products include: Netref Netref.