CVE-2007-0862
gnopaste < 0.5.3 - Remote Code Execution via GNP_REAL_PATH Parameter
Title source: llmDescription
PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/458559/100/100/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/458460/100/100/threaded
Scores
EPSS
0.0112
EPSS Percentile
62.1%
Details
CWE
CWE-94
Status
published
Products (2)
gnopaste/gnopaste
0.5.2
gnopaste/gnopaste
< 0.5.3
Published
Feb 09, 2007
Tracked Since
Feb 18, 2026