CVE-2006-1576

Опубликовано: 02 апр. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php.

Ссылки

http://evuln.com/vulns/113/description.html
http://secunia.com/advisories/19479
Vendor Advisory
http://www.osvdb.org/24291
http://www.securityfocus.com/archive/1/430741/100/0/threaded
http://www.securityfocus.com/bid/17335
https://exchange.xforce.ibmcloud.com/vulnerabilities/25548
http://evuln.com/vulns/113/description.html
http://secunia.com/advisories/19479
Vendor Advisory
http://www.osvdb.org/24291
http://www.securityfocus.com/archive/1/430741/100/0/threaded
http://www.securityfocus.com/bid/17335
https://exchange.xforce.ibmcloud.com/vulnerabilities/25548

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vscripts.pl:qlnews:1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.012

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-r22q-4c32-8579

github

почти 4 года назад