Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SCRIPT_PATH] parameter to includes/vars.inc.php and the (2) g_pcltar_lib_dir parameter to includes/tar_lib/pcltar.lib.php.
References
Link | Resource |
---|---|
http://secunia.com/advisories/33865 | Vendor Advisory |
http://www.securityfocus.com/bid/33705 | Exploit |
https://www.exploit-db.com/exploits/8017 |
Configurations
History
No history.
Information
Published : 2009-02-11 20:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-0530
Mitre link : CVE-2009-0530
CVE.ORG link : CVE-2009-0530
JSON object : View
Products Affected
electrictoad
- snippetmaster_webpage_editor
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')