CVE-2007-0863

Опубликовано: 09 фев. 2007

Источник: nvd

CVSS2: 10

EPSS Средний

Описание

PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trevorchan:trevorchan:*:*:*:*:*:*:*:*

Версия до 0.7 (включая)

EPSS

Процентиль: 94%

0.11986

Средний

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-7j2c-pff8-vf24

github

почти 4 года назад

** DISPUTED ** PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php.