Multiple PHP remote file inclusion vulnerabilities in PBSite (CVE-2007-3085)
CVSS v2.0 severity:
HIGH
Type:
Not Available / Other type
Publication date:
06/06/2007
Last modified:
09/04/2025
Description
Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h) post.php, (i) pmpshow.php, (j) pm.php, (k) ntopic.php, (l) nreply.php, (m) news.php, (n) memberslist.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (u) editpost.php, (v) delpost.php, (w) delpm.php, (x) confirm.php, (y) board.php, (z) admin2.php, (aa) admin.php, or (bb) templates/pb/css/formstyles.php; or the (2) temppath parameter to (a) useronline.php, (c) setcookie.php, (e) search.php, (f) register.php, (h) post.php, (l) nreply.php, (m) news.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (w) delpm.php, (x) confirm.php, or (y) board.php.
Impact
Base score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | To |
---|---|---|
cpe:2.3:a:pbsite:pbsite:*:*:*:*:*:*:*:* |
To see the complete list of CPE names with products and versions, see this page
References to solutions, tools and information
- http://osvdb.org/38759
- http://osvdb.org/38760
- http://osvdb.org/38761
- http://osvdb.org/38762
- http://osvdb.org/38763
- http://osvdb.org/38764
- http://osvdb.org/38765
- http://osvdb.org/38766
- http://osvdb.org/38767
- http://osvdb.org/38768
- http://osvdb.org/38769
- http://osvdb.org/38770
- http://osvdb.org/38771
- http://osvdb.org/38772
- http://osvdb.org/38773
- http://osvdb.org/38774
- http://osvdb.org/38775
- http://osvdb.org/38776
- http://osvdb.org/38777
- http://osvdb.org/38778
- http://osvdb.org/38779
- http://osvdb.org/38780
- http://osvdb.org/38781
- http://osvdb.org/38782
- http://osvdb.org/38783
- http://osvdb.org/38784
- http://osvdb.org/38785
- http://osvdb.org/38786
- http://securityreason.com/securityalert/2777
- http://www.securityfocus.com/archive/1/470239/100/0/threaded
- http://www.securityfocus.com/archive/1/470347/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34675