CVE-2010-1351

EUVD-2010-1379
Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 and 1.045, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the (2) _nodesforum_code_path parameter to pre_output.php.  NOTE: some of these details are obtained from third party information.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
nodesforumnodesforum
1.033
nodesforumnodesforum
1.045
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/39311
http://www.exploit-db.com/exploits/12047
https://exchange.xforce.ibmcloud.com/vulnerabilities/57517
http://secunia.com/advisories/39311
http://www.exploit-db.com/exploits/12047
https://exchange.xforce.ibmcloud.com/vulnerabilities/57517