Vulnerabilities > CVE-2005-3519 - Unspecified vulnerability in Mysource 2.14.0/2.14.0Rc2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mysource
exploit available
NVD
Published: 2005-11-06
Updated: 2017-07-11

Summary

Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.

Vulnerable Configurations

Part Description Count
Application
Mysource
2

Exploit-Db

  • descriptionMySource 2.14 Socket.php PEAR_PATH Remote File Inclusion. CVE-2005-3519. Webapps exploit for php platform
    idEDB-ID:26364
    last seen2016-02-03
    modified2005-10-18
    published2005-10-18
    reporterSecunia Research
    sourcehttps://www.exploit-db.com/download/26364/
    titleMySource 2.14 Socket.php PEAR_PATH Remote File Inclusion
  • descriptionMySource 2.14 mimeDecode.php PEAR_PATH Remote File Inclusion. CVE-2005-3519. Webapps exploit for php platform
    idEDB-ID:26372
    last seen2016-02-03
    modified2005-10-18
    published2005-10-18
    reporterSecunia Research
    sourcehttps://www.exploit-db.com/download/26372/
    titleMySource 2.14 mimeDecode.php PEAR_PATH Remote File Inclusion
  • descriptionMySource 2.14 mime.php PEAR_PATH Remote File Inclusion. CVE-2005-3519 . Webapps exploit for php platform
    idEDB-ID:26373
    last seen2016-02-03
    modified2005-10-18
    published2005-10-18
    reporterSecunia Research
    sourcehttps://www.exploit-db.com/download/26373/
    titleMySource 2.14 mime.php PEAR_PATH Remote File Inclusion
  • descriptionMySource 2.14 Date.php PEAR_PATH Remote File Inclusion. CVE-2005-3519. Webapps exploit for php platform
    idEDB-ID:26370
    last seen2016-02-03
    modified2005-10-18
    published2005-10-18
    reporterSecunia Research
    sourcehttps://www.exploit-db.com/download/26370/
    titleMySource 2.14 Date.php PEAR_PATH Remote File Inclusion
  • descriptionMySource 2.14 new_upgrade_functions.php Multiple Parameter Remote File Inclusion. CVE-2005-3519 . Webapps exploit for php platform
    idEDB-ID:26362
    last seen2016-02-03
    modified2005-10-18
    published2005-10-18
    reporterSecunia Research
    sourcehttps://www.exploit-db.com/download/26362/
    titleMySource 2.14 new_upgrade_functions.php Multiple Parameter Remote File Inclusion
  • descriptionMySource 2.14 init_mysource.php INCLUDE_PATH Parameter Remote File Inclusion. CVE-2005-3519. Webapps exploit for php platform
    idEDB-ID:26363
    last seen2016-02-03
    modified2005-10-18
    published2005-10-18
    reporterSecunia Research
    sourcehttps://www.exploit-db.com/download/26363/
    titleMySource 2.14 init_mysource.php INCLUDE_PATH Parameter Remote File Inclusion
  • descriptionMySource 2.14 Mail.php PEAR_PATH Remote File Inclusion. CVE-2005-3519. Webapps exploit for php platform
    idEDB-ID:26369
    last seen2016-02-03
    modified2005-10-18
    published2005-10-18
    reporterSecunia Research
    sourcehttps://www.exploit-db.com/download/26369/
    titleMySource 2.14 Mail.php PEAR_PATH Remote File Inclusion
  • descriptionMySource 2.14 Request.php PEAR_PATH Remote File Inclusion. CVE-2005-3519. Webapps exploit for php platform
    idEDB-ID:26365
    last seen2016-02-03
    modified2005-10-18
    published2005-10-18
    reporterSecunia Research
    sourcehttps://www.exploit-db.com/download/26365/
    titleMySource 2.14 Request.php PEAR_PATH Remote File Inclusion

References