CVE-2006-2682

Опубликовано: 31 мая 2006

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter.

Ссылки

http://secunia.com/advisories/20292
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1979
https://exchange.xforce.ibmcloud.com/vulnerabilities/26699
https://www.exploit-db.com/exploits/1825
http://secunia.com/advisories/20292
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1979
https://exchange.xforce.ibmcloud.com/vulnerabilities/26699
https://www.exploit-db.com/exploits/1825

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:back-end:back-end_cms:0.7.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06684

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-rc64-vc84-c92c

github

почти 4 года назад