CVE-2007-4181

Опубликовано: 08 авг. 2007

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pluck:pluck:4.3:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00759

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-c345-8824-6347

github

почти 4 года назад

** DISPUTED ** PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request.