7.5

CVE-2005-3519

Exploit
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MysourceMysource Version2.14.0
MysourceMysource Version2.14.0rc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.01% 0.94
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=112966933202769&w=2
http://secunia.com/advisories/16946/
Patch
Vendor Advisory
Exploit
http://securityreason.com/securityalert/92
http://securitytracker.com/id?1015075
Patch
Vendor Advisory
Exploit
http://www.osvdb.org/20035
http://www.osvdb.org/20036
http://www.osvdb.org/20037
http://www.osvdb.org/20038
http://www.osvdb.org/20039
http://www.osvdb.org/20040
http://www.osvdb.org/20041
http://www.osvdb.org/20042
http://www.osvdb.org/20043
http://www.securityfocus.com/bid/15133/discuss
Patch
Exploit
http://www.vupen.com/english/advisories/2005/2132
https://exchange.xforce.ibmcloud.com/vulnerabilities/22772