CVE-2007-2260

bibtex mase beta 2.0 - Remote Code Execution via bibtexrootrel Parameter


Description

Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.

References (15)

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35628
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35624
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35631
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35633
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35629
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35622
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35621
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/466683/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35625
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35623
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35632
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2624
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35626
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35630
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35627

Scores

EPSS 0.0246
EPSS Percentile 82.5%

Details

CWE CWE-94
Status published
Products (1) bibtex/mase 2.0_beta
Published Apr 25, 2007
Tracked Since Feb 18, 2026