Описание
PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable
Комментарий
CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable.
Уязвимые конфигурации
Конфигурация 1Версия до 0.5.3 (включая)
Одно из
cpe:2.3:a:gnopaste:gnopaste:*:*:*:*:*:*:*:*
cpe:2.3:a:gnopaste:gnopaste:0.5.2:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01043
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable.
EPSS
Процентиль: 77%
0.01043
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-94