CVE-2010-1360

Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
boesch-itfaqengine
4.24.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/1001-exploits/faqengine-rfi.txt
http://www.exploit-db.com/exploits/11111
http://www.securityfocus.com/bid/37719
https://exchange.xforce.ibmcloud.com/vulnerabilities/55532
http://packetstormsecurity.org/1001-exploits/faqengine-rfi.txt
http://www.exploit-db.com/exploits/11111
http://www.securityfocus.com/bid/37719
https://exchange.xforce.ibmcloud.com/vulnerabilities/55532