Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2015

7 documents5 sources

Severity

7.5HIGH

EPSS

2.6%

top 14.32%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Postnuke Software Foundation Postnuke

Timeline

PublishedDec 31

Latest updateApr 30

Description

PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDpostnuke_software_foundation/postnuke0.703

Patches

Patch: www.iss.net ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-8q52-w544-h2xc: PHP file inclusion vulnerability in user↗2022-04-30

▶

CVEList

CVE-2002-2015: PHP file inclusion vulnerability in user↗2005-07-14

▶

💥Exploits & PoCs

Exploit-DB

ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)↗2015-09-06

▶

Exploit-DB

Chkrootkit 0.49 - Local Privilege Escalation↗2014-06-28

▶

Exploit-DB

PostNuke 0.703 - caselist Arbitrary Module Include↗2002-03-28

▶

💬Community

Bugzilla

CVE-2015-7510 systemd: Stack overflow in nss-mymachines↗2015-11-23

▶