NVD

Id
13835  
Name
CVE-2010-2358  
Description
PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information.  
Reject
 
CVSS Version
2  
CVSS Score
5.1  
Severity
Medium  
CVSS Base Score
5.1  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2010-06-21  
Modified Date
2010-06-22  
Seq
2010-2358  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
76839 13835 CVE-2010-2358 13889  View
76840 13835 CVE-2010-2358 40882  View
76841 13835 CVE-2010-2358 ADV-2010-1498  View
76842 13835 CVE-2010-2358 nakidcms-uploadphoto-file-include(59453)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
39104 JVNDB-2010-004889 Nakid CMS における PHP リモートファイルインクルージョンの脆弱性 Nakid CMS の modules/catalog/upload_photo.php には、magic_quotes_gpc が無効になっている、および register_globals が有効になっている際、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2010-2358 44938 CVE-2010-2358 13835 5.1 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004889.html 2010-06-21 2012-09-25 View