8.1 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.008 Low
EPSS
Percentile
81.1%
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.
CPE | Name | Operator | Version |
---|---|---|---|
modernbill | eq | 4.0.1 rc7 | |
modernbill | eq | 4.3.2 | |
modernbill | le | 4.4.0 | |
modernbill | eq | 4.3.0 | |
modernbill | eq | 2.2.115 | |
modernbill | eq | 3.1.3 | |
modernbill | eq | 4.1.2 | |
modernbill | eq | 4.1.3 | |
modernbill | eq | 3.0 beta | |
modernbill | eq | 4.2.1 |