Vulnerability Description
PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. NOTE: it was later reported that 2.4 is also affected.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stadtaus | Tell A Friend Script | <= 2.7 |
Related Weaknesses (CWE)
References
- http://arfis.wordpress.com/2007/09/13/rfi-02-openelibrary/
- http://securitytracker.com/id?1013390Patch
- http://www.osvdb.org/14628
- http://www.securityfocus.com/archive/1/474954/100/0/threaded
- http://www.stadtaus.com/forum/t-1578.html
- http://www.stadtaus.com/forum/t-1579.htmlPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19630
- http://arfis.wordpress.com/2007/09/13/rfi-02-openelibrary/
- http://securitytracker.com/id?1013390Patch
- http://www.osvdb.org/14628
- http://www.securityfocus.com/archive/1/474954/100/0/threaded
- http://www.stadtaus.com/forum/t-1578.html
- http://www.stadtaus.com/forum/t-1579.htmlPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19630
FAQ
What is CVE-2005-0679?
CVE-2005-0679 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root paramet...
How severe is CVE-2005-0679?
CVE-2005-0679 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0679?
Check the references section above for vendor advisories and patch information. Affected products include: Stadtaus Tell A Friend Script.