Описание
PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.2 (включая)
Одно из
cpe:2.3:a:mamboxchange:peoplebook:*:*:*:*:*:*:*:*
cpe:2.3:a:mamboxchange:peoplebook:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10243
Средний
6.8 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
EPSS
Процентиль: 93%
0.10243
Средний
6.8 Medium
CVSS2
Дефекты
CWE-94