Описание
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitPatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:phplib_team:phplib:7.2:*:*:*:*:*:*:*
cpe:2.3:a:phplib_team:phplib:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:phplib_team:phplib:7.2b:*:*:*:*:*:*:*
cpe:2.3:a:phplib_team:phplib:7.2c:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.30068
Средний
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
EPSS
Процентиль: 96%
0.30068
Средний
10 Critical
CVSS2
Дефекты
NVD-CWE-Other