Description
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.
Exploits (9)
exploitdb
WRITEUP
VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26371
exploitdb
WRITEUP
VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26364
exploitdb
WRITEUP
VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26365
exploitdb
WRITEUP
VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26362
exploitdb
WRITEUP
VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26372
exploitdb
WORKING POC
VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26373
exploitdb
WRITEUP
VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26369
exploitdb
WRITEUP
VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26363
exploitdb
WRITEUP
VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26370
References (16)
Core 16
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22772
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15133/discuss
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/92
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20039
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20037
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112966933202769&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20036
Exploit, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16946/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20040
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2132
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015075
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20038
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20041
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20035
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20042
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20043
Scores
EPSS
0.0432
EPSS Percentile
88.9%
Details
Status
published
Products (2)
mysource/mysource
2.14.0
mysource/mysource
2.14.0rc2
Published
Nov 06, 2005
Tracked Since
Feb 18, 2026