CVE-2010-1360

EUVD-2010-1388
Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
boesch-itfaqengine
4.24.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/1001-exploits/faqengine-rfi.txt
http://www.exploit-db.com/exploits/11111
http://www.securityfocus.com/bid/37719
https://exchange.xforce.ibmcloud.com/vulnerabilities/55532
http://packetstormsecurity.org/1001-exploits/faqengine-rfi.txt
http://www.exploit-db.com/exploits/11111
http://www.securityfocus.com/bid/37719
https://exchange.xforce.ibmcloud.com/vulnerabilities/55532