Lucene search

[email protected]NVD:CVE-2010-1055

HistoryMar 23, 2010 - 5:30 p.m.

CVE-2010-1055

2010-03-2317:30:00

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.063

Percentile

93.6%

JSON

Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

tufatosdateMatch2.1.9

tufatosdateMatch2.5.4

VendorProductVersionCPE
tufatosdate2.1.9cpe:2.3:a:tufat:osdate:2.1.9:*:*:*:*:*:*:*
tufatosdate2.5.4cpe:2.3:a:tufat:osdate:2.5.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tufat	osdate	2.1.9	cpe:2.3:a:tufat:osdate:2.1.9:::::::*
tufat	osdate	2.5.4	cpe:2.3:a:tufat:osdate:2.5.4:::::::*

References

evilc0de.blogspot.com/2010/03/osdate-rfi-vuln.html

osvdb.org/63005

osvdb.org/63006

secunia.com/advisories/38943

www.exploit-db.com/exploits/11755

www.securityfocus.com/bid/38738

exchange.xforce.ibmcloud.com/vulnerabilities/56909

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.063

Percentile

93.6%

JSON

Related for NVD:CVE-2010-1055

prion1 exploitdb1 cve1 cvelist1