Описание
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter.
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-1596
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20531
- http://secunia.com/advisories/15257
- http://www.exploits.co.in/Article1134.html
- http://www.osvdb.org/16216
- http://www.osvdb.org/16217
- http://www.securiteam.com/exploits/5OP042KFPU.html
- http://www.vupen.com/english/advisories/2005/0508
EPSS
Процентиль: 90%
0.05244
Низкий
CVE ID
Связанные уязвимости
nvd
больше 20 лет назад
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter.
EPSS
Процентиль: 90%
0.05244
Низкий