Description
PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by PacketiK · textwebappsphp
https://www.exploit-db.com/exploits/36628
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72736
Exploit x_refsource_misc
http://packetstormsecurity.org/files/view/109098/vbadvancedcmps-rfilfi.txt
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51672
Various Sources x_refsource_misc
http://www.vbadvanced.com/forum/showthread.php?s=c4fdb72b5c0751a056e814bf32a26ddb&t=44720
Scores
EPSS
0.0119
EPSS Percentile
79.0%
Details
CWE
CWE-94
Status
published
Products (2)
vbadvanced/vbadvanced_cmps
3.2.1
vbadvanced/vbadvanced_cmps
< 3.2.2
Published
Oct 01, 2012
Tracked Since
Feb 18, 2026