- Description
- Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- Impact
- Successful exploitation requires that "register_globals" is enabled.
- Solution
- Successful exploitation requires that "register_globals" is enabled.
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:work_system_e-commerce:work_system_e-commerce:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0995CDB-56EB-46BC-AD35-0D9F2262D4AC"
          },
          {
            "criteria": "cpe:2.3:a:work_system_e-commerce:work_system_e-commerce:3.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C303820-ACA4-4823-A56D-E29E14C269E7"
          },
          {
            "criteria": "cpe:2.3:a:work_system_e-commerce:work_system_e-commerce:3.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0D2BF7F-C442-4684-B683-698313B93920"
          },
          {
            "criteria": "cpe:2.3:a:work_system_e-commerce:work_system_e-commerce:3.0.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BE89FDB-0BF2-49CB-A4CB-254832F7021F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]