Описание
Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php.
Ссылки
- Vendor Advisory
- ExploitPatchVendor Advisory
- Patch
- Patch
- Vendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:usolved:newsolved_lite:1.9.2:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.13909
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php.
EPSS
Процентиль: 94%
0.13909
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other