DZCP deV!L`z Clanportal 1.5.2 inc/config.php basePath code injection

A vulnerability was found in DZCP deV!L`z Clanportal 1.5.2. It has been rated as critical. This issue affects an unknown function of the file inc/config.php. Upgrading to version 1.5.4 eliminates this vulnerability. A possible mitigation has been published 1 day after the disclosure of the vulnerability.

| Field | 03/19/2015 12:22 PM | 03/23/2019 03:59 PM |
| --- | --- | --- |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | M | M |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | P | P |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 7.3 | 7.3 |
| cvss3_meta_tempscore | 6.6 | 6.6 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 6.6 | 6.6 |
| sourcecode | function show($tpl, $array) { global $tmpdir; $template = "../inc/_templates_/".$tmpdir."/".$tpl; if($fp = @fopen($template.".".html, "r")) $tpl = @fread($fp, filesize($template.".".html)); $array['dir'] = '../inc/_templates_/'.$tmpdir; foreach($array as $value => $code) { $tpl = str_replace('['.$value.']', $code, $tpl); } return $tpl; } | function show($tpl, $array) { global $tmpdir; $template = "../inc/_templates_/".$tmpdir."/".$tpl; if($fp = @fopen($template.".".html, "r")) $tpl = @fread($fp, filesize($template.".".html)); $array['dir'] = '../inc/_templates_/'.$tmpdir; foreach($array as $value => $code) { $tpl = str_replace('['.$value.']', $code, $tpl); } return $tpl; } |
| date | 1268611200 (03/15/2010) | 1268611200 (03/15/2010) |
| url | http://www.vupen.com/english/advisories/2010/0615 | http://www.vupen.com/english/advisories/2010/0615 |
| availability | 1 | 1 |
| date | 1268611200 (03/15/2010) | 1268611200 (03/15/2010) |
| publicity | 1 | 1 |
| url | https://www.exploit-db.com/exploits/11735 | https://www.exploit-db.com/exploits/11735 |
| developer_nickname | cr4wl3r | cr4wl3r |
| language | PHP | PHP |
| price_0day | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| date | 1268697600 (03/16/2010) | 1268697600 (03/16/2010) |
| upgrade_version | 1.5.4 | 1.5.4 |
| cve | CVE-2010-0966 | CVE-2010-0966 |
| cve_nvd_published | 1268697600 | 1268697600 |
| cve_nvd_summary | PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. | PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. |
| osvdb | 62924 | 62924 |
| osvdb_create | 1268669378 | 1268669378 |
| osvdb_title | deV!L'z Clanportal inc/config.php basePath Parameter Remote File Inclusion | deV!L'z Clanportal inc/config.php basePath Parameter Remote File Inclusion |
| secunia | 38902 | 38902 |
| secunia_date | 1268611200 (03/15/2010) | 1268611200 (03/15/2010) |
| secunia_title | deV!L'z Clanportal "basePath" File Inclusion Vulnerability | deV!L'z Clanportal "basePath" File Inclusion Vulnerability |
| secunia_risk | Highly Critical | Highly Critical |
| exploitdb | 11735 | 11735 |
| misc | https://secdb.tenold.org/cves/CVE-2010-0966 | https://secdb.tenold.org/cves/CVE-2010-0966 |
| cvss3_vuldb_ui | N | N |
| location | Website | Website |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | X | X |
| reaction_days | 1 | 1 |
| exposure_days | 1 | 1 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| vendor | DZCP | DZCP |
| name | deV!L`z Clanportal | deV!L`z Clanportal |
| version | 1.5.2 | 1.5.2 |
| file | inc/config.php | inc/config.php |
| argument | basePath | basePath |
| cwe | 94 (code injection) | 94 (code injection) |
| risk | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.3 | 5.3 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |

cve_assigned: 1268697600 (03/16/2010)
vupen: ADV-2010-0615
