Vulnerability Details CVE-2015-3638
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2015-3638
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:1.2
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:1.4
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:1.5
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:1.6
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:1.6.1
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:1.6.2
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:1.7
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:1.7.1
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:2.0
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:2.1
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:2.2
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:2.3
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:2.4
-
cpe:2.3:a:phpmybackuppro:phpmybackuppro:2.5