Remote file inclusion

2006-06-0210:18:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

0.093 Low

EPSS

Percentile

94.7%

JSON

PHP remote file inclusion vulnerability in METAjour 2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) system_path parameter in a large number of files in the (a) app/edocument/, (b) app/eproject/, © app/erek/, and (d) extension/ directories, and the (2) GLOBALS[system_path] parameter in (e) extension/sitemap/sitemap.datatype.php.

CPENameOperatorVersion
metajoureq2.1

CPE	Name	Operator	Version
	metajour	eq	2.1

References

secunia.com/advisories/20404

www.securityfocus.com/bid/18211

www.vupen.com/english/advisories/2006/2077

exchange.xforce.ibmcloud.com/vulnerabilities/26892

www.exploit-db.com/exploits/1855