Remote file inclusion

2010-04-1318:30:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

JSON

Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php.

CPENameOperatorVersion
faqengineeq4.24.00

CPE	Name	Operator	Version
	faqengine	eq	4.24.00

References

packetstormsecurity.org/1001-exploits/faqengine-rfi.txt

www.securityfocus.com/bid/37719

exchange.xforce.ibmcloud.com/vulnerabilities/55532

www.exploit-db.com/exploits/11111