CyberSec.Space Logo
CVEブラウザに戻る

CVE-2012-5293

HIGH
7.5
CVSS Severity Score
EPSS Score0.1480%
EPSS Percentile23.88th
Published2012年10月4日
Last Modified2026年4月29日

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php.

Affected Platforms (CPE)

📦
Redgraphic

Sapid Cms

= 1.2.3

References & Advisories

🔗 http://www.exploit-db.com/exploits/18342
🔗 http://www.osvdb.org/82475
🔗 http://www.osvdb.org/82476
🔗 http://www.securityfocus.com/bid/51323
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/72238
🔗 http://www.exploit-db.com/exploits/18342
🔗 http://www.osvdb.org/82475
🔗 http://www.osvdb.org/82476

関連する脆弱性情報

CVE-2005-400710.0

Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization ch...

CVE-2005-40067.5

SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_...

CVE-2006-40267.5

PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in th...

CVE-2007-50566.8

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made S...