CVE-2005-3519
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.
Affected products
n/a · n/a
public PoCs found — 9
exploitdb www.exploit-db.com/exploits/26370 unverified
exploitdb www.exploit-db.com/exploits/26363 unverified
exploitdb www.exploit-db.com/exploits/26369 unverified
exploitdb www.exploit-db.com/exploits/26373 unverified
exploitdb www.exploit-db.com/exploits/26372 unverified
exploitdb www.exploit-db.com/exploits/26362 unverified
exploitdb www.exploit-db.com/exploits/26365 unverified
exploitdb www.exploit-db.com/exploits/26364 unverified
exploitdb www.exploit-db.com/exploits/26371 unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://marc.info/?l=bugtraq&m=112966933202769&w=2
http://secunia.com/advisories/16946/
http://securityreason.com/securityalert/92
http://securitytracker.com/id?1015075
https://exchange.xforce.ibmcloud.com/vulnerabilities/22772
http://www.osvdb.org/20035
http://www.osvdb.org/20036
http://www.osvdb.org/20037
http://www.osvdb.org/20038
http://www.osvdb.org/20039
http://www.osvdb.org/20040
http://www.osvdb.org/20041