Lucene search

K

[email protected]NVD:CVE-2012-1933

HistoryAug 27, 2012 - 9:55 p.m.

CVE-2012-1933

2012-08-2721:55:01

CWE-94

[email protected]

web.nvd.nist.gov

1

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.045 Low

EPSS

Percentile

92.5%

Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php.

Affected configurations

NVD

Node

sourcefabricnewscoopMatch3.5.0

OR

sourcefabricnewscoopMatch3.5.1

OR

sourcefabricnewscoopMatch3.5.2

OR

sourcefabricnewscoopMatch3.5.3

OR

sourcefabricnewscoopMatch3.5.4

OR

sourcefabricnewscoopMatch4.0rc3

References

archives.neohapsis.com/archives/bugtraq/2012-04/0130.html

dev.sourcefabric.org/browse/CS-4179

secunia.com/advisories/48769

www.exploit-db.com/exploits/18752

www.securityfocus.com/bid/53147

www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm

exchange.xforce.ibmcloud.com/vulnerabilities/75031

www.htbridge.com/advisory/HTB23084

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.045 Low

EPSS

Percentile

92.5%

Related for NVD:CVE-2012-1933

cvelist1 prion1 cve1 dsquare1 securityvulns2 exploitpack1 packetstorm1 htbridge1 exploitdb1