CVE-2007-2260
bibtex mase beta 2.0 - Remote Code Execution via bibtexrootrel Parameter
Title source: llmDescription
Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.
References (15)
Core 15
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35628
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35624
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35631
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35633
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35629
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35622
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35621
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/466683/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35625
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35623
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35632
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2624
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35626
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35630
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35627
Scores
EPSS
0.0246
EPSS Percentile
82.5%
Details
CWE
CWE-94
Status
published
Products (1)
bibtex/mase
2.0_beta
Published
Apr 25, 2007
Tracked Since
Feb 18, 2026