CVE-2008-4206

Опубликовано: 24 сент. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.

Ссылки

http://e-rdc.org/v1/news.php?readmore=108
Exploit
http://osvdb.org/48269
http://secunia.com/advisories/31794
http://securityreason.com/securityalert/4307
http://www.securityfocus.com/archive/1/496427/100/0/threaded
http://www.securityfocus.com/bid/31207
Exploit
https://www.exploit-db.com/exploits/6468
http://e-rdc.org/v1/news.php?readmore=108
Exploit
http://osvdb.org/48269
http://secunia.com/advisories/31794
http://securityreason.com/securityalert/4307
http://www.securityfocus.com/archive/1/496427/100/0/threaded
http://www.securityfocus.com/bid/31207
Exploit
https://www.exploit-db.com/exploits/6468

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:attachmax:dolphin:2.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07602

Низкий

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-7wq7-qjqv-2q8f

github

почти 4 года назад