2 matches found
CVE-2007-5175
CVE-2007-5175 : PHP remote file inclusion in actSite 1.991 Beta (lib/base.php) allows an attacker to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter. Root cause: unsafely using a user-controlled file path in an include operation. Impact: remote code execution on the affecte...
CVE-2007-5174
CVE-2007-5174 describes a directory traversal vulnerability in actSite 1.56, exploitable via phpinc/news.php by providing a .. in the do parameter to include and execute local files. The NVD entry confirms the flaw, with a CVSS 2.0 base score of 7.5 (HIGH) and impact on confidentiality, integrity...