7.5
CVE-2005-1965
- EPSS 4.05%
- Veröffentlicht 16.06.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:13:59
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPHP remote file inclusion vulnerability in siteframe.php for Broadpool Siteframe allows remote attackers to execute arbitrary code via a URL in the LOCAL_PATH parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Glen Campbell ≫ Siteframe Version3.0.1
Glen Campbell ≫ Siteframe Version3.0.2
Glen Campbell ≫ Siteframe Version3.1
Glen Campbell ≫ Siteframe Version3.1.1
Glen Campbell ≫ Siteframe Version3.1.2
Glen Campbell ≫ Siteframe Version3.1.4
Glen Campbell ≫ Siteframe Version3.1.6
Glen Campbell ≫ Siteframe Version3.1.8_beta
Glen Campbell ≫ Siteframe Version3.1.9
Glen Campbell ≫ Siteframe Version3.2_p5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.05% | 0.893 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://list.broadpool.com/pipermail/siteframe-announce/2005-June/000020.html
http://secunia.com/advisories/15657
http://securitytracker.com/id?1014150
http://www.osvdb.org/17246
http://www.securityfocus.com/bid/13928
https://exchange.xforce.ibmcloud.com/vulnerabilities/20973