CVE-2006-7181

Опубликовано: 30 мар. 2007

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed by a third party who shows that $fichero can not be controlled by an attacker

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:morcego_cms:morcego_cms:*:*:*:*:*:*:*:*

Версия до 0.9.6 (включая)

EPSS

Процентиль: 81%

0.01602

Низкий

10 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-3qxv-8pqm-xqw3

github

почти 4 года назад

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed by a third party who shows that $fichero can not be controlled by an attacker.