exploitDog

CVE-2008-4529

Опубликовано: 09 окт. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:asicms:asicms:0.208:alpha:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.04076

Низкий

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-7977-rjm6-8jg8

github

почти 4 года назад

Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/.

EPSS

Процентиль: 88%

0.04076

Низкий

7.5 High

CVSS2

Дефекты

CWE-94