Vulnerabilities > CVE-2005-3519 - Unspecified vulnerability in Mysource 2.14.0/2.14.0Rc2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description MySource 2.14 Socket.php PEAR_PATH Remote File Inclusion. CVE-2005-3519. Webapps exploit for php platform id EDB-ID:26364 last seen 2016-02-03 modified 2005-10-18 published 2005-10-18 reporter Secunia Research source https://www.exploit-db.com/download/26364/ title MySource 2.14 Socket.php PEAR_PATH Remote File Inclusion description MySource 2.14 mimeDecode.php PEAR_PATH Remote File Inclusion. CVE-2005-3519. Webapps exploit for php platform id EDB-ID:26372 last seen 2016-02-03 modified 2005-10-18 published 2005-10-18 reporter Secunia Research source https://www.exploit-db.com/download/26372/ title MySource 2.14 mimeDecode.php PEAR_PATH Remote File Inclusion description MySource 2.14 mime.php PEAR_PATH Remote File Inclusion. CVE-2005-3519 . Webapps exploit for php platform id EDB-ID:26373 last seen 2016-02-03 modified 2005-10-18 published 2005-10-18 reporter Secunia Research source https://www.exploit-db.com/download/26373/ title MySource 2.14 mime.php PEAR_PATH Remote File Inclusion description MySource 2.14 Date.php PEAR_PATH Remote File Inclusion. CVE-2005-3519. Webapps exploit for php platform id EDB-ID:26370 last seen 2016-02-03 modified 2005-10-18 published 2005-10-18 reporter Secunia Research source https://www.exploit-db.com/download/26370/ title MySource 2.14 Date.php PEAR_PATH Remote File Inclusion description MySource 2.14 new_upgrade_functions.php Multiple Parameter Remote File Inclusion. CVE-2005-3519 . Webapps exploit for php platform id EDB-ID:26362 last seen 2016-02-03 modified 2005-10-18 published 2005-10-18 reporter Secunia Research source https://www.exploit-db.com/download/26362/ title MySource 2.14 new_upgrade_functions.php Multiple Parameter Remote File Inclusion description MySource 2.14 init_mysource.php INCLUDE_PATH Parameter Remote File Inclusion. CVE-2005-3519. Webapps exploit for php platform id EDB-ID:26363 last seen 2016-02-03 modified 2005-10-18 published 2005-10-18 reporter Secunia Research source https://www.exploit-db.com/download/26363/ title MySource 2.14 init_mysource.php INCLUDE_PATH Parameter Remote File Inclusion description MySource 2.14 Mail.php PEAR_PATH Remote File Inclusion. CVE-2005-3519. Webapps exploit for php platform id EDB-ID:26369 last seen 2016-02-03 modified 2005-10-18 published 2005-10-18 reporter Secunia Research source https://www.exploit-db.com/download/26369/ title MySource 2.14 Mail.php PEAR_PATH Remote File Inclusion description MySource 2.14 Request.php PEAR_PATH Remote File Inclusion. CVE-2005-3519. Webapps exploit for php platform id EDB-ID:26365 last seen 2016-02-03 modified 2005-10-18 published 2005-10-18 reporter Secunia Research source https://www.exploit-db.com/download/26365/ title MySource 2.14 Request.php PEAR_PATH Remote File Inclusion
References
- http://marc.info/?l=bugtraq&m=112966933202769&w=2
- http://secunia.com/advisories/16946/
- http://securityreason.com/securityalert/92
- http://securitytracker.com/id?1015075
- http://www.osvdb.org/20035
- http://www.osvdb.org/20036
- http://www.osvdb.org/20037
- http://www.osvdb.org/20038
- http://www.osvdb.org/20039
- http://www.osvdb.org/20040
- http://www.osvdb.org/20041
- http://www.osvdb.org/20042
- http://www.osvdb.org/20043
- http://www.securityfocus.com/bid/15133/discuss
- http://www.vupen.com/english/advisories/2005/2132
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22772