AI Score: 7.8 High (Confidence: Low)
CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.302 Low (Percentile: 96.9%)

Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964.
CPE | Name | Operator | Version |
---|---|---|---|
cantico:ovidentia | cantico ovidentia | eq | 5.8.0 |
securityreason.com/securityalert/1033
www.osvdb.org/27209
www.osvdb.org/27211
www.osvdb.org/27212
www.osvdb.org/27213
www.osvdb.org/27214
www.osvdb.org/27215
www.osvdb.org/27216
www.osvdb.org/27217
www.osvdb.org/27218
www.osvdb.org/27219
www.osvdb.org/27220
www.osvdb.org/27221
www.osvdb.org/27222
www.osvdb.org/27223
www.osvdb.org/27224
www.osvdb.org/27225
www.osvdb.org/27226
www.osvdb.org/27227
www.osvdb.org/27228
www.osvdb.org/27229
www.securityfocus.com/archive/1/435590/100/0/threaded
www.securityfocus.com/archive/1/456893/100/200/threaded
www.securityfocus.com/archive/1/459572/100/0/threaded
www.securityfocus.com/bid/18232
exchange.xforce.ibmcloud.com/vulnerabilities/26981