[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

254802

 
 

909

 
 

198617

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-2545Date: (C)2007-05-08   (M)2023-12-22


Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-23828
OSVDB-37767
OSVDB-37768
OSVDB-37769
OSVDB-37770
OSVDB-37771
OSVDB-37772
OSVDB-37773
OSVDB-37774
OSVDB-37775
OSVDB-37776
EXPLOIT-DB-3853
ADV-2007-1671
persism-systempath-file-include(34102)

© SecPod Technologies