exploitDog

GHSA-r52f-5hg7-pqvr

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

Описание

PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Ссылки

EPSS

Процентиль: 93%

0.10243

Средний

CVE ID

Дефекты

CWE-94

Связанные уязвимости

CVE-2006-4195

nvd

больше 19 лет назад

PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

EPSS

Процентиль: 93%

0.10243

Средний

CVE ID

Дефекты

CWE-94