- Description
- PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zpanel:zpanel:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5FCBF151-50B2-4BC7-B0B7-69697D76869A"
},
{
"criteria": "cpe:2.3:a:zpanel:zpanel:2.5_beta:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D99E1D5-F0BC-4F24-8B6B-10E7ED3748A7"
},
{
"criteria": "cpe:2.3:a:zpanel:zpanel:2.5_beta9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3E03CBB-4539-4845-A6DD-B9D559AB2766"
},
{
"criteria": "cpe:2.3:a:zpanel:zpanel:2.5_beta10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6AA0BCD3-1390-4EE6-8D84-CEB816BF266F"
}
],
"operator": "OR"
}
]
}
]