CVE-2010-1360
published 2010-04-13
CVE-2010-1360: Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe…
Priority P347 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.29% (81.1th percentile)
Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| boesch-it | faqengine | — | — |
No detection rules found.
Exploit-DB
Microsoft Internet Explorer 6/7/8 - Shockwave Flash Object Denial of Service
exploitdb·2010-01-18
CVE-2010-0187 Microsoft Internet Explorer 6/7/8 - Shockwave Flash Object Denial of Service
---
# Version: 6/7/8
# Tested on: Windows XP SP3 English & Windows 7
# CVE :
# Code: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/11182.tar.gz (ie_crash.tar.gz)
Description: Modified 1360. byte to 44, 1361. to 43, 1362. 42, 1363.
byte to 41 of a sample swf file, ran it and crash occurred.
Screenshots:
Internet Explorer 6 - XP SP3 - http://www.mertsarica.com/images/ie6_xp_sp3_3.jpg
Internet Explorer 7 - XP SP3 - http://www.mertsarica.com/images/ie7_xp_sp3_1.jpg
Internet Explorer 8 - Windows 7 - http://www.mertsarica.com/images/ie8_win7.jpg
Exploit-DB
FAQEngine 4.24.00 - Remote File Inclusion
exploitdb·2010-01-11
CVE-2010-1360 FAQEngine 4.24.00 - Remote File Inclusion
---
###################################################################################
#
[~] FAQEngine 4.24.00 - Remote File Inclusion vulnerability [ RFI ] #
[~] Author : kaMtiEz ([email protected]) #
[~] Homepage : http://www.indonesiancoder.com #
[~] Date : January 6, 2010 #
#
###################################################################################
[ Software Information ]
[+] Vendor : http://www.boesch-it.de/
[+] Download : http://www.boesch-it.de/sw/faqengine.php?lang=en
[+] version : 4.24.00 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : -
[+] Location : INDONESIA - JOGJA
##################################################################################
[ HERE WE GO .. LIVE
No writeups or analysis indexed.
http://packetstormsecurity.org/1001-exploits/faqengine-rfi.txt
http://www.exploit-db.com/exploits/11111
http://www.securityfocus.com/bid/37719
https://exchange.xforce.ibmcloud.com/vulnerabilities/55532
Published: 2010-04-13