Lucene search

CVE-2012-1933

🗓️ 27 Aug 2012 21:01:55Reported by mitreType

cve🔗 web.nvd.nist.gov👁 35 Views🌐 WEB

CVE-2012-1933 Newscoop 3.5.x before 3.5.5 and 4 before RC4 PHP remote file inclusion vulnerabilitie

Reporter	Title	Published	Views	Family All 11
Dsquare	Newscoop RFI	20 Apr 201200:00	–	dsquare
NVD	CVE-2012-1933	27 Aug 201221:55	–	nvd
Cvelist	CVE-2012-1933	27 Aug 201221:00	–	cvelist
Prion	Remote file inclusion	27 Aug 201221:55	–	prion
Packet Storm	Newscoop 3.5.3 XSS / RFI / SQL Injection	18 Apr 201200:00	–	packetstorm
exploitpack	newscoop 3.5.3 - Multiple Vulnerabilities	19 Apr 201200:00	–	exploitpack
Exploit DB	newscoop 3.5.3 - Multiple Vulnerabilities	19 Apr 201200:00	–	exploitdb
securityvulns	Multiple vulnerabilities in Newscoop	23 Apr 201200:00	–	securityvulns
securityvulns	Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)	23 Apr 201200:00	–	securityvulns
0day.today	Newscoop 3.5.3 XSS / RFI / SQL Injection	18 Apr 201200:00	–	zdt

Nvd

Node

sourcefabric newscoopMatch3.5.0

sourcefabric newscoopMatch3.5.1

sourcefabric newscoopMatch3.5.2

sourcefabric newscoopMatch3.5.3

sourcefabric newscoopMatch3.5.4

sourcefabric newscoopMatch4.0rc3

Source	Link
archives	www.archives.neohapsis.com/archives/bugtraq/2012-04/0130.html
dev	www.dev.sourcefabric.org/browse/CS-4179
securityfocus	www.securityfocus.com/bid/53147
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/75031
htbridge	www.htbridge.com/advisory/HTB23084
exploit-db	www.exploit-db.com/exploits/18752
sourcefabric	www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm
secunia	www.secunia.com/advisories/48769

Parameter	Position	Path	Description	CWE
GLOBALS[g_campsiteDir]	query param	/include/phorum_load.php	Remote File Inclusion vulnerability allowing execution of arbitrary PHP code via the GLOBALS[g_campsiteDir] parameter.	CWE-94
GLOBALS[g_campsiteDir]	query param	/conf/install_conf.php	Remote File Inclusion vulnerability allowing execution of arbitrary PHP code via the GLOBALS[g_campsiteDir] parameter.	CWE-94
GLOBALS[g_campsiteDir]	query param	/conf/liveuser_configuration.php	Remote File Inclusion vulnerability allowing execution of arbitrary PHP code via the GLOBALS[g_campsiteDir] parameter.	CWE-94
f_country_code	query param	/admin/country/edit.php	SQL Injection vulnerability allowing manipulation of SQL queries via the f_country_code parameter.	CWE-89
Back	query param	/admin/ad.php	Cross-Site Scripting (XSS) vulnerability allowing execution of arbitrary HTML/script code in admin's browser via the Back parameter.	CWE-79
error_code	query param	/admin/login.php	Cross-Site Scripting (XSS) vulnerability allowing execution of arbitrary HTML/script code in user's browser via the error_code parameter.	CWE-79
token	query param	/admin/password_check_token.php	Cross-Site Scripting (XSS) vulnerability allowing execution of arbitrary HTML/script code in user's browser via token and f_email parameters.	CWE-79
f_email	query param	/admin/password_check_token.php	Cross-Site Scripting (XSS) vulnerability allowing execution of arbitrary HTML/script code in user's browser via token and f_email parameters.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Aug 2012 21:55Current

7.6High risk

Vulners AI Score7.6

CVSS26.8

EPSS0.03995

CWE-94