CVE-2010-4924
Published 2011-10-09
Priority P345 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.39% (81.8th percentile)
PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clearbudget | clearbudget | — | — |
| zope | zope | >= 3.1.1 < 3.7.3 | 3.7.3 |
CVSS provenance
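| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |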
GHSA
GHSA-2c5m-w65p-6fhv: ** DISPUTED ** PHP remote file inclusion vulnerability in logic/controller
ghsa_unreviewed·2022-05-17
CVE-2010-4924 [HIGH] CWE-94 GHSA-2c5m-w65p-6fhv: ** DISPUTED ** PHP remote file inclusion vulnerability in logic/controller
** DISPUTED ** PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party.
GHSA
Zope XSS Vulnerability
ghsa·2022-04-22·CVSS 4.3
CVE-2011-4924 [MEDIUM] CWE-79 Zope XSS Vulnerability
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104
Red Hat
Zope: Incomplete upstream patch for CVE-2010-1104 issue
vendor_redhat·2012-01-18·CVSS 4.3
CVE-2011-4924 [MEDIUM] Zope: Incomplete upstream patch for CVE-2010-1104 issue
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104
Package: conga (Red Hat Enterprise Linux 5) - Not affected
No detection rules found.