CVE-2007-5305 in ELSEIF CMSinfo

Summary

Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

10/09/2007

Moderation

VulDB entry created

Entries

VDB-86098 (3)

CPE

ready

CWE

CWE-94 (Confirmed)

Exploit

Download

CVSS

5.3

EPSS

0.06636

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-5305
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-5305
CVE Details	https://www.cvedetails.com/cve/CVE-2007-5305/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!