exploitDog

CVE-2007-2236

Опубликовано: 25 апр. 2007

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:punbb:punbb:*:*:*:*:*:*:*:*

Версия до 1.2.14 (включая)

EPSS

Процентиль: 80%

0.01333

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-79jm-rjrp-g4xq

github

почти 4 года назад

footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.

EPSS

Процентиль: 80%

0.01333

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other