Vulnerability Details CVE-2007-2260
Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/35621
- http://osvdb.org/35622
- http://osvdb.org/35623
- http://osvdb.org/35624
- http://osvdb.org/35625
- http://osvdb.org/35626
- http://osvdb.org/35627
- http://osvdb.org/35628
- http://osvdb.org/35629
- http://osvdb.org/35630
- http://osvdb.org/35631
- http://osvdb.org/35632
- http://osvdb.org/35633
- http://securityreason.com/securityalert/2624
- http://www.securityfocus.com/archive/1/466683/100/0/threaded
- http://osvdb.org/35621
- http://osvdb.org/35622
- http://osvdb.org/35623
- http://osvdb.org/35624
- http://osvdb.org/35625
- http://osvdb.org/35626
- http://osvdb.org/35627
- http://osvdb.org/35628
- http://osvdb.org/35629
- http://osvdb.org/35630
- http://osvdb.org/35631
- http://osvdb.org/35632
- http://osvdb.org/35633
- http://securityreason.com/securityalert/2624
- http://www.securityfocus.com/archive/1/466683/100/0/threaded