CyberSec.Space Logo
Back to CVE Browser

CVE-2012-5293

HIGH
7.5
CVSS Severity Score
EPSS Score0.1480%
EPSS Percentile23.88th
PublishedOct 4, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php.

Affected Platforms (CPE)

πŸ“¦
Redgraphic

Sapid Cms

= 1.2.3

References & Advisories

πŸ”— http://www.exploit-db.com/exploits/18342
πŸ”— http://www.osvdb.org/82475
πŸ”— http://www.osvdb.org/82476
πŸ”— http://www.securityfocus.com/bid/51323
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/72238
πŸ”— http://www.exploit-db.com/exploits/18342
πŸ”— http://www.osvdb.org/82475
πŸ”— http://www.osvdb.org/82476

Related Vulnerabilities

CVE-2005-400710.0

Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization ch...

CVE-2005-40067.5

SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_...

CVE-2006-40267.5

PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in th...

CVE-2007-50566.8

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made S...