CVE-2010-0367 - OpenCVE

Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Bitscripts	Bits Video Script

Configuration 1 [-]

OR	cpe:2.3:a:bitscripts:bits_video_script:2.04:::::::*
	cpe:2.3:a:bitscripts:bits_video_script:2.05:gold_beta::::::

References

Link	Resource
http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/55740

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-01-21T20:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2010-01-21T00:00:00

Link: CVE-2010-0367

JSON object: View

NVD Information

Status : Modified

Published: 2010-01-21T20:30:00.697

Modified: 2017-08-17T01:31:58.617

Link: CVE-2010-0367

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt"}, {"name": "bitsvideo-showcasesearch-file-include(55740)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55740"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0367", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt", "refsource": "MISC", "url": "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt"}, {"name": "bitsvideo-showcasesearch-file-include(55740)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55740"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0367", "datePublished": "2010-01-21T20:00:00", "dateReserved": "2010-01-21T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}