Metric | Value |
---|---|
AI Score | 8.4 High |
Confidence | Low |
CVSS2 | 7.5 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.112 Low |
Percentile | 95.1% |

Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.
CPE | Name | Operator | Version |
---|---|---|---|
campware.org:campsite | campware.org campsite | eq | 2.6.0 |
campware.org:campsite | campware.org campsite | eq | 2.6.1 |
code.campware.org/projects/campsite/changeset/6057
code.campware.org/projects/campsite/changeset/6058
code.campware.org/projects/campsite/query?milestone=2.6.2
code.campware.org/projects/campsite/ticket/2349
sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936
www.osvdb.org/34187
www.osvdb.org/34188
www.osvdb.org/34189
www.osvdb.org/34190
www.osvdb.org/34191
www.osvdb.org/34192
www.osvdb.org/34193
www.osvdb.org/34194
www.osvdb.org/34195
www.osvdb.org/34196
www.osvdb.org/34197
www.osvdb.org/34198
www.osvdb.org/34199
www.osvdb.org/34200
www.osvdb.org/34201
www.osvdb.org/34202
www.osvdb.org/34203
www.osvdb.org/34204
www.osvdb.org/34205
www.osvdb.org/34206
www.osvdb.org/34207
www.osvdb.org/34208
www.osvdb.org/34209
www.osvdb.org/34210
www.osvdb.org/34211
www.osvdb.org/34212
www.osvdb.org/34213
www.osvdb.org/34214
www.osvdb.org/34215
www.osvdb.org/34216
www.osvdb.org/34217
www.osvdb.org/34218
www.osvdb.org/34219
www.osvdb.org/34220
www.osvdb.org/34221
www.osvdb.org/34222
www.osvdb.org/34223
www.osvdb.org/34224
www.osvdb.org/34225
www.securityfocus.com/bid/23874