CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2009-2111 – DB Top Sites 1.0 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2009-2111
Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter. Vulnerabilidad de inyección de código estático en add_reg.php en DB Top Sites v1.0 permite a atacantes remotos inyectar código PHP de su elección mediante los parámetros (1) url y (2) location. • https://www.exploit-db.com/exploits/8951 http://osvdb.org/55119 http://secunia.com/advisories/35419 https://exchange.xforce.ibmcloud.com/vulnerabilities/51121 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 2%CPEs: 1EXPL: 1CVE-2009-2110 – DB Top Sites 1.0 - 'index.php?u' Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-2110
Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) contact.php. Múltiples vulnerabilidades de salto de directorio en DB Top Sites v1.0, cuando está desactivada la opción magic_quotes_gpc, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de un valor .. (punto punto) en el parámetro u sobre (1)full.php, (2)index.php y (3) contact.php. • https://www.exploit-db.com/exploits/8952 http://osvdb.org/55116 http://osvdb.org/55117 http://osvdb.org/55118 http://secunia.com/advisories/35419 https://exchange.xforce.ibmcloud.com/vulnerabilities/51120 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •