CVE-2010-1360
FAQEngine 4.24.00 - Remote File Inclusion
Public Exploits: 4
Exploited in Wild: -
Decision
Descriptions
Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php.
Multiple PHP remote file inclusion vulnerabilities in FAQEngine v4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the "path_faq" parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php.
SSVC
- Decision: -
Timeline
- 2010-01-11 First Exploit
- 2010-04-13 CVE Reserved
- 2010-04-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (5)
URL | Tag | Source |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/55532 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/11111 | 2010-01-11 | |
http://packetstormsecurity.org/1001-exploits/faqengine-rfi.txt | 2024-08-07 | |
http://www.exploit-db.com/exploits/11111 | 2024-08-07 | |
http://www.securityfocus.com/bid/37719 | 2024-08-07 | |