CVE-2005-3519
CVE-2005-3519
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.
Productos afectados
n/a · n/aPoCs públicas encontradas — 9
exploitdbwww.exploit-db.com/exploits/26370no verificadoexploitdbwww.exploit-db.com/exploits/26363no verificadoexploitdbwww.exploit-db.com/exploits/26369no verificadoexploitdbwww.exploit-db.com/exploits/26373no verificadoexploitdbwww.exploit-db.com/exploits/26372no verificadoexploitdbwww.exploit-db.com/exploits/26362no verificadoexploitdbwww.exploit-db.com/exploits/26365no verificadoexploitdbwww.exploit-db.com/exploits/26364no verificadoexploitdbwww.exploit-db.com/exploits/26371no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://marc.info/?l=bugtraq&m=112966933202769&w=2http://secunia.com/advisories/16946/http://securityreason.com/securityalert/92http://securitytracker.com/id?1015075https://exchange.xforce.ibmcloud.com/vulnerabilities/22772http://www.osvdb.org/20035http://www.osvdb.org/20036http://www.osvdb.org/20037http://www.osvdb.org/20038http://www.osvdb.org/20039http://www.osvdb.org/20040http://www.osvdb.org/20041