CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-1106

PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.7%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.packetstormsecurity.com/1001-exploits/advertisemanager-xssrfitraversal.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/55756
http://www.packetstormsecurity.com/1001-exploits/advertisemanager-xssrfitraversal.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/55756

Products affected by CVE-2010-1106

Advertisementmanager » Advertisementmanager » Version: 3.1.0

cpe:2.3:a:advertisementmanager:advertisementmanager:3.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-1106

Products

Pricing

Contact Us