exploitDog

GHSA-88xw-fpf4-57m7

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

Описание

PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.

PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.

Ссылки

EPSS

Процентиль: 93%

0.10831

Средний

CVE ID

Связанные уязвимости

CVE-2006-2149

nvd

почти 20 лет назад

PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.

EPSS

Процентиль: 93%

0.10831

Средний

CVE ID