Описание
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
Ссылки
- Vendor Advisory
- URL Repurposed
- Exploit
- Vendor Advisory
- URL Repurposed
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 1.00 (включая)
Одно из
cpe:2.3:a:blogator-script:blogator-script:*:*:*:*:*:*:*:*
cpe:2.3:a:blogator-script:blogator-script:0.90:*:*:*:*:*:*:*
cpe:2.3:a:blogator-script:blogator-script:0.91:*:*:*:*:*:*:*
cpe:2.3:a:blogator-script:blogator-script:0.92:*:*:*:*:*:*:*
cpe:2.3:a:blogator-script:blogator-script:0.93:*:*:*:*:*:*:*
cpe:2.3:a:blogator-script:blogator-script:0.95:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05207
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
EPSS
Процентиль: 90%
0.05207
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-94