Описание
Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php.
Ссылки
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:scribe:scribe:0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10524
Средний
7.5 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
больше 3 лет назад
Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php.
EPSS
Процентиль: 93%
0.10524
Средний
7.5 High
CVSS2
Дефекты
CWE-94