CVE-2006-4349

Опубликовано: 24 авг. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed by a third party, who states that $tcms_administer_site is initialized to a constant value within index.php

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:toenda_software_development:toendacms:1.0:*:*:*:*:*:*:*

cpe:2.3:a:toenda_software_development:toendacms:stable_1.0.3:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05721

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-mcv9-jvjf-x95q

github

почти 4 года назад

** DISPUTED ** PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed by a third party, who states that $tcms_administer_site is initialized to a constant value within index.php.