2 results (0.002 seconds)

CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0

phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. phpwcms 1.2.5-DEV y anteriores, y 1.1 anterior a RC4, permite a atacantes remotos ejecutar código de su elección a través de argumentos manipulados en el parámetro nome_evento en phpwcms_code_snippets/mail_file_form.php y (2) sample_ext_php/mail_file_form.php, lo cual es procesado por la función render_PHPcode. • http://secunia.com/advisories/19866 http://www.phpwcms.de/forum/viewtopic.php?t=10958 http://www.vupen.com/english/advisories/2006/1556 https://exchange.xforce.ibmcloud.com/vulnerabilities/26126 •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER). Vulnerabilidad de inyección CRLF (CR (retorno de carro) y LF (salto de línea)) en el (1) include/inc_act/act_formmailer.php y, posiblemente, en (2) sample_ext_php/mail_file_form.php del phpwcms 1.2.5-DEV y versiones anteriores y en el 1.1. anterior al RC4, permite a atacantes remotos modificar cabeceras HTTP y enviar correos de spam suplantando una referencia HTTP (HTTP_REFERER). • http://secunia.com/advisories/19866 http://www.phpwcms.de/forum/viewtopic.php?t=10958 http://www.vupen.com/english/advisories/2006/1556 https://exchange.xforce.ibmcloud.com/vulnerabilities/26130 •