Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5224

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-5224
Last Modified 02 Oct 2012 12:00:00
Published 01 Oct 2012 04:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5224

Summary

PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter.

Vulnerable Systems

Application

  • Vbadvanced Cmps 3.2.1

  • Vbadvanced Cmps 3.2.2


References

XF - vbadvancedcmps-template-file-include(72736)

MISC - http://www.vbadvanced.com/forum/showthread.php?s=c4fdb72b5c0751a056e814bf32a26ddb&t=44720

BID - 51672

MISC - http://packetstormsecurity.org/files/view/109098/vbadvancedcmps-rfilfi.txt


Last Updated: 27 May 2016 11:00:49