CVE-2015-7381

Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008.
References
Link Resource
http://www.kb.cert.org/vuls/id/374092 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/374092 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:refbase:refbase:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:36

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/374092 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/374092 - Third Party Advisory, US Government Resource

Information

Published : 2015-09-28 02:59

Updated : 2024-11-21 02:36


NVD link : CVE-2015-7381

Mitre link : CVE-2015-7381

CVE.ORG link : CVE-2015-7381


JSON object : View

Products Affected

refbase

  • refbase
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')