CVE-2007-2503

Опубликовано: 04 мая 2007

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:php_turbulence:php_turbulence:0.0.1_alpha:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06117

Низкий

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-8494-fm64-qqw2

github

почти 4 года назад

** DISPUTED ** Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion.