Back-end : Security Vulnerabilities, CVEs, CVSS score >= 4
Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php.
Max CVSS
7.5
EPSS Score
16.83%
Published
2006-09-29
Updated
2018-10-17
PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter.
Max CVSS
6.4
EPSS Score
3.42%
Published
2006-05-31
Updated
2017-10-19
2 vulnerabilities found