CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
90.5%
PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] parameter.
Vendor | Product | Version | CPE |
---|---|---|---|
raphael_mazoyer | pointcomma | * | cpe:2.3:a:raphael_mazoyer:pointcomma:*:*:*:*:*:*:*:* |
raphael_mazoyer | pointcomma | 3.1 | cpe:2.3:a:raphael_mazoyer:pointcomma:3.1:*:*:*:*:*:*:* |
raphael_mazoyer | pointcomma | 3.1.1 | cpe:2.3:a:raphael_mazoyer:pointcomma:3.1.1:*:*:*:*:*:*:* |
raphael_mazoyer | pointcomma | 3.5 | cpe:2.3:a:raphael_mazoyer:pointcomma:3.5:*:*:*:*:*:*:* |
raphael_mazoyer | pointcomma | 3.5 | cpe:2.3:a:raphael_mazoyer:pointcomma:3.5:beta_2:*:*:*:*:*:* |
raphael_mazoyer | pointcomma | 3.6 | cpe:2.3:a:raphael_mazoyer:pointcomma:3.6:*:*:*:*:*:*:* |
raphael_mazoyer | pointcomma | 3.8 | cpe:2.3:a:raphael_mazoyer:pointcomma:3.8:beta:*:*:*:*:*:* |
raphael_mazoyer | pointcomma | 3.51 | cpe:2.3:a:raphael_mazoyer:pointcomma:3.51:*:*:*:*:*:*:* |
raphael_mazoyer | pointcomma | 3.51 | cpe:2.3:a:raphael_mazoyer:pointcomma:3.51:beta:*:*:*:*:*:* |
raphael_mazoyer | pointcomma | 3.53 | cpe:2.3:a:raphael_mazoyer:pointcomma:3.53:beta:*:*:*:*:*:* |