Описание
Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 0.8.5 (включая)
Одно из
cpe:2.3:a:matteolucarelli:pgmreloaded:*:*:*:*:*:*:*:*
cpe:2.3:a:matteolucarelli:pgmreloaded:0.5:*:*:*:*:*:*:*
cpe:2.3:a:matteolucarelli:pgmreloaded:0.6:*:*:*:*:*:*:*
cpe:2.3:a:matteolucarelli:pgmreloaded:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:matteolucarelli:pgmreloaded:0.7:*:*:*:*:*:*:*
cpe:2.3:a:matteolucarelli:pgmreloaded:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:matteolucarelli:pgmreloaded:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:matteolucarelli:pgmreloaded:0.8:*:*:*:*:*:*:*
cpe:2.3:a:matteolucarelli:pgmreloaded:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:matteolucarelli:pgmreloaded:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:matteolucarelli:pgmreloaded:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:matteolucarelli:pgmreloaded:0.8.4:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02826
Низкий
7.5 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php.
EPSS
Процентиль: 86%
0.02826
Низкий
7.5 High
CVSS2
Дефекты
CWE-94