exploitDog

CVE-2005-2691

Опубликовано: 24 авг. 2005

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code.

Ссылки

http://secunia.com/advisories/16514
Vendor Advisory
http://www.gulftech.org/?node=research&article_id=00094-08192005
Vendor Advisory
http://secunia.com/advisories/16514
Vendor Advisory
http://www.gulftech.org/?node=research&article_id=00094-08192005
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:runcms:runcms:1.1:*:*:*:*:*:*:*

cpe:2.3:a:runcms:runcms:1.1a:*:*:*:*:*:*:*

cpe:2.3:a:runcms:runcms:1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01715

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-vhg4-4fwp-2prc

github

почти 4 года назад

includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code.

EPSS

Процентиль: 82%

0.01715

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other