Описание
Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.
Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-2260
- http://osvdb.org/35621
- http://osvdb.org/35622
- http://osvdb.org/35623
- http://osvdb.org/35624
- http://osvdb.org/35625
- http://osvdb.org/35626
- http://osvdb.org/35627
- http://osvdb.org/35628
- http://osvdb.org/35629
- http://osvdb.org/35630
- http://osvdb.org/35631
- http://osvdb.org/35632
- http://osvdb.org/35633
- http://securityreason.com/securityalert/2624
- http://www.securityfocus.com/archive/1/466683/100/0/threaded
Связанные уязвимости
Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.