- Description
- showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allows remote attackers to overwrite arbitrary files via the db parameter.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:P
- nvd@nist.gov
- CWE-20
- EPractize Labs Software
- The PHP is used for tracking open email report in Email Marketing Software Express. It will not be called in any of your free subscription manager PHPs. We removed showImg.php from the latest version. You can verify at http://www.epractizelabs.com/email-marketing/subscription-manager.html (click download, extract and verify the contents).
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:epractizelabs:subscription_manager:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AFC52D7-BB44-4C7E-B7A8-BF4E3DFF5191"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]