CVE-2015-7381

Refbase < 0.9.6 - Code Injection

Title source: rule

Description

Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/38292

View Code ZIP pw:eip

References (1)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/374092

Scores

EPSS 0.0615

EPSS Percentile 90.9%

Details

CWE

CWE-94

Status published

Products (1)

refbase/refbase < 0.9.6

Published Sep 28, 2015

Tracked Since Feb 18, 2026