CVE-2005-0720

Опубликовано: 08 мар. 2005

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.

Ссылки

http://marc.info/?l=bugtraq&m=111025679324892&w=2
http://secunia.com/advisories/14528
Vendor Advisory
http://www.securityfocus.com/archive/1/476277/100/0/threaded
http://www.securityfocus.com/bid/12776
https://exchange.xforce.ibmcloud.com/vulnerabilities/19616
http://marc.info/?l=bugtraq&m=111025679324892&w=2
http://secunia.com/advisories/14528
Vendor Advisory
http://www.securityfocus.com/archive/1/476277/100/0/threaded
http://www.securityfocus.com/bid/12776
https://exchange.xforce.ibmcloud.com/vulnerabilities/19616

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mcnews:mcnews:1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02205

Низкий

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-9cmg-x6p3-95g2

github

почти 4 года назад