CVE-2007-0862

gnopaste < 0.5.3 - Remote Code Execution via GNP_REAL_PATH Parameter

Title source: llm
STIX 2.1

Description

PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/458559/100/100/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/458460/100/100/threaded

Scores

EPSS 0.0112
EPSS Percentile 62.1%

Details

CWE
CWE-94
Status published
Products (2)
gnopaste/gnopaste 0.5.2
gnopaste/gnopaste < 0.5.3
Published Feb 09, 2007
Tracked Since Feb 18, 2026