Remote file inclusion

2012-10-0416:55:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.4%

JSON

Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php.

CPENameOperatorVersion
sapid_cmseq1.2.3 stable

CPE	Name	Operator	Version
	sapid_cms	eq	1.2.3 stable

References

www.osvdb.org/82475

www.osvdb.org/82476

www.securityfocus.com/bid/51323

exchange.xforce.ibmcloud.com/vulnerabilities/72238

www.exploit-db.com/exploits/18342