Lucene search

[email protected]CVE-2012-1200

HistoryFeb 18, 2012 - 12:55 a.m.

CVE-2012-1200

2012-02-1800:55:02

CWE-94

[email protected]

web.nvd.nist.gov

cve

2012

1200

php

remote

file inclusion

nova cms

vulnerabilities

url

exploit

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.7%

JSON

Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to includes/function/gets.php, or (4) conf[blockfile] parameter to includes/function/usertpl.php.

Affected configurations

NVD

Node

nova-cmsnova_cmsMatch-

CPENameOperatorVersion
nova-cms:nova_cmsnova-cms nova cmseq-

CPE	Name	Operator	Version
nova-cms:nova_cms	nova-cms nova cms	eq	-

References

packetstormsecurity.org/files/109669/Nova-CMS-Remote-File-Inclusion.html

www.securityfocus.com/bid/51976

exchange.xforce.ibmcloud.com/vulnerabilities/73159

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.7%

JSON

Related for CVE-2012-1200

cvelist1 prion1 nvd1