Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1200

Overview
Vulnerability Score 7.5 7.5
CVE Id CVE-2012-1200
Last Modified 24 Feb 2012 12:00:00
Published 17 Feb 2012 07:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1200

Summary

Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to includes/function/gets.php, or (4) conf[blockfile] parameter to includes/function/usertpl.php.

Vulnerable Systems

Application

  • Nova-cms Nova Cms

  • Nova-cms Nova Cms -


References

XF - novacms-multiple-file-include(73159)

BID - 51976

MISC - http://packetstormsecurity.org/files/109669/Nova-CMS-Remote-File-Inclusion.html

IT Risk Posture:

divider

Threats

Vulnerabilities

Patches

Free Risk Assessment Tools

Application Scanner
Find vulnerabilities on your network.

divider

Device Scanner
Find vulnerabilities on your network.

divider

Vulnerability Scanner
Find vulnerabilities on your network.

Last Updated: 16 May 2012 09:58:36