CVE-2007-5173

Опубликовано: 03 окт. 2007

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.

Ссылки

http://osvdb.org/37419
http://secunia.com/advisories/27001
http://www.securityfocus.com/archive/1/481215/100/0/threaded
http://www.securityfocus.com/bid/25867
Exploit
http://www.vupen.com/english/advisories/2007/3330
https://exchange.xforce.ibmcloud.com/vulnerabilities/36876
https://www.exploit-db.com/exploits/4471
http://osvdb.org/37419
http://secunia.com/advisories/27001
http://www.securityfocus.com/archive/1/481215/100/0/threaded
http://www.securityfocus.com/bid/25867
Exploit
http://www.vupen.com/english/advisories/2007/3330
https://exchange.xforce.ibmcloud.com/vulnerabilities/36876
https://www.exploit-db.com/exploits/4471

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openid:openid:0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:*:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02194

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-w67c-79jh-g7ff

github

почти 4 года назад