CVE-2010-0367

Bitscripts Bits Video Script - Code Injection

Title source: rule

Description

Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by indoushka · textwebappsphp

https://www.exploit-db.com/exploits/34116

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by indoushka · textwebappsphp

https://www.exploit-db.com/exploits/34117

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/55740

Scores

EPSS 0.0216

EPSS Percentile 84.4%

Details

CWE

CWE-94

Status published

Products (2)

bitscripts/bits_video_script 2.04

bitscripts/bits_video_script 2.05 gold_beta

Published Jan 21, 2010

Tracked Since Feb 18, 2026