Описание
Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.
Ссылки
- ExploitPatch
- Vendor Advisory
- ExploitPatch
- Vendor Advisory
- ExploitPatchVendor Advisory
- ExploitVendor Advisory
- ExploitPatch
- Vendor Advisory
- ExploitPatch
- Vendor Advisory
- ExploitPatchVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:les_visiteurs:les_visiteurs:2.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08378
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.
EPSS
Процентиль: 92%
0.08378
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other