CVE-2007-5305

EPSS 9.3%

Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/4490unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/38649 http://osvdb.org/38650 http://osvdb.org/38651 http://osvdb.org/38652 http://osvdb.org/38653 http://osvdb.org/38654 http://osvdb.org/38655 http://osvdb.org/38656 http://osvdb.org/38657 http://osvdb.org/38658 http://securityreason.com/securityalert/3204 https://exchange.xforce.ibmcloud.com/vulnerabilities/37011