Описание
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-3519
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22772
- http://marc.info/?l=bugtraq&m=112966933202769&w=2
- http://secunia.com/advisories/16946
- http://securityreason.com/securityalert/92
- http://securitytracker.com/id?1015075
- http://www.osvdb.org/20035
- http://www.osvdb.org/20036
- http://www.osvdb.org/20037
- http://www.osvdb.org/20038
- http://www.osvdb.org/20039
- http://www.osvdb.org/20040
- http://www.osvdb.org/20041
- http://www.osvdb.org/20042
- http://www.osvdb.org/20043
- http://www.securityfocus.com/bid/15133/discuss
- http://www.vupen.com/english/advisories/2005/2132
EPSS
CVE ID
Связанные уязвимости
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.
EPSS