AI Score: 7.9 High (Confidence: Low)

CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS: 0.201 Low (Percentile: 96.3%)

Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.
CPE | Name | Operator | Version |
---|---|---|---|
grayscale:bandsite_cms | grayscale bandsite cms | eq | 1.1.1 |
secunia.com/advisories/20768
sourceforge.net/project/shownotes.php?release_id=428062
www.osvdb.org/27233
www.osvdb.org/27234
www.osvdb.org/27235
www.osvdb.org/27236
www.osvdb.org/27237
www.osvdb.org/27238
www.osvdb.org/27239
www.osvdb.org/27240
www.osvdb.org/27241
www.osvdb.org/27242
www.osvdb.org/27243
www.osvdb.org/27244
www.osvdb.org/27245
www.osvdb.org/27246
www.osvdb.org/27247
www.osvdb.org/27248
www.osvdb.org/27249
www.osvdb.org/27250
www.osvdb.org/27251
www.osvdb.org/27252
www.securityfocus.com/bid/18555
www.vupen.com/english/advisories/2006/2462
www.exploit-db.com/exploits/1933