Описание
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
Ссылки
- Mailing ListPatch
- Broken LinkVendor Advisory
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Mailing ListPatch
- Broken LinkVendor Advisory
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:phpgedview:phpgedview:2.61:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.07132
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-829
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
EPSS
Процентиль: 91%
0.07132
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-829