CVE-2005-3519
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 06/11/2005
Last modified: 11/07/2017
Description
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.
Impact
Base Score 2.0: 7.50
Severity 2.0: HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:mysource:mysource:2.14.0:*:*:*:*:*:*:* | | |
cpe:2.3:a:mysource:mysource:2.14.0rc2:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=112966933202769&w=2
- http://secunia.com/advisories/16946/
- http://securityreason.com/securityalert/92
- http://securitytracker.com/id?1015075=
- http://www.osvdb.org/20035
- http://www.osvdb.org/20036
- http://www.osvdb.org/20037
- http://www.osvdb.org/20038
- http://www.osvdb.org/20039
- http://www.osvdb.org/20040
- http://www.osvdb.org/20041
- http://www.osvdb.org/20042
- http://www.osvdb.org/20043
- http://www.securityfocus.com/bid/15133/discuss
- http://www.vupen.com/english/advisories/2005/2132
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22772