AI Score: 8.4 High (Confidence: Low)
CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.323 Low (Percentile: 97.0%)

Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php.

CPE | Name | Operator | Version |
---|---|---|---|
solidstate:solidstate | solidstate | le | 0.4 |
attrition.org/pipermail/vim/2007-January/001210.html
www.osvdb.org/31097
www.osvdb.org/31098
www.osvdb.org/31099
www.osvdb.org/31100
www.osvdb.org/31104
www.osvdb.org/31105
www.osvdb.org/31106
www.osvdb.org/31107
www.osvdb.org/31108
www.osvdb.org/31109
www.osvdb.org/31110
www.osvdb.org/31111
www.osvdb.org/31112
www.osvdb.org/31113
www.osvdb.org/31114
www.osvdb.org/31115
www.osvdb.org/31116
www.osvdb.org/31117
www.osvdb.org/31118
www.osvdb.org/31119
www.osvdb.org/31120
www.osvdb.org/31121
www.osvdb.org/31122
www.osvdb.org/31123
www.osvdb.org/31124
www.osvdb.org/31125
www.osvdb.org/31126
www.osvdb.org/31127
www.osvdb.org/31128
www.osvdb.org/31129
www.osvdb.org/31130
www.osvdb.org/31131
www.osvdb.org/31132
www.osvdb.org/31133
www.osvdb.org/31134
www.osvdb.org/31135
www.osvdb.org/31136
www.osvdb.org/31137
www.osvdb.org/31138
www.osvdb.org/31139
www.osvdb.org/31141
www.osvdb.org/31142
www.osvdb.org/31143
www.osvdb.org/31144
www.osvdb.org/31145
www.osvdb.org/31146
www.osvdb.org/31147
www.osvdb.org/31190
www.osvdb.org/31191
www.osvdb.org/31192
www.osvdb.org/31193
www.osvdb.org/31194
www.osvdb.org/31197
www.osvdb.org/31198
www.osvdb.org/31199
www.osvdb.org/31200
www.osvdb.org/31201
www.osvdb.org/31202
www.osvdb.org/31203
www.securityfocus.com/bid/21934
www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1
exchange.xforce.ibmcloud.com/vulnerabilities/29095
www.exploit-db.com/exploits/2413