CVE-2007-0531

Опубликовано: 26 янв. 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.

Ссылки

http://14house.blogspot.com/2007/01/freewebshoporg-remote-file-inclusion.html
Exploit
Vendor Advisory
http://osvdb.org/32951
http://secunia.com/advisories/23898
Vendor Advisory
http://securitytracker.com/id?1017549
http://www.freewebshop.org/?id=36
http://www.vupen.com/english/advisories/2007/0319
https://exchange.xforce.ibmcloud.com/vulnerabilities/31732
http://14house.blogspot.com/2007/01/freewebshoporg-remote-file-inclusion.html
Exploit
Vendor Advisory
http://osvdb.org/32951
http://secunia.com/advisories/23898
Vendor Advisory
http://securitytracker.com/id?1017549
http://www.freewebshop.org/?id=36
http://www.vupen.com/english/advisories/2007/0319
https://exchange.xforce.ibmcloud.com/vulnerabilities/31732

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:freewebshop:freewebshop:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:freewebshop:freewebshop:2.2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01362

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-q835-qjxq-77p3

github

почти 4 года назад