| Title | FreeSchool における PHP リモートファイルインクルージョンの脆弱性 |
|---|---|
| Summary | FreeSchool には、PHP リモートファイルインクルージョンの脆弱性が存在します。 |
| Possible impacts | 第三者により、以下の PHP スクリプトへの CLASSPATH パラメータの URL を介して、任意の PHP コードを実行される可能性があります。 (1) biblioteca/ 配下の bib_form.php (2) biblioteca/ 配下の bib_pldetails.php (3) biblioteca/ 配下の bib_plform.php (4) biblioteca/ 配下の bib_plsearchc.php (5) biblioteca/ 配下の bib_plsearchs.php (6) biblioteca/ 配下の bib_save.php (7) biblioteca/ 配下の bib_searchc.php (8) biblioteca/ 配下の bib_searchs.php (9) biblioteca/ 配下の edi_form.php (10) biblioteca/ 配下の edi_save.php (11) biblioteca/ 配下の gen_form.php (12) biblioteca/ 配下の gen_save.php (13) biblioteca/ 配下の lin_form.php (14) biblioteca/ 配下の lin_save.php (15) biblioteca/ 配下の luo_form.php (16) biblioteca/ 配下の luo_save.php (17) biblioteca/ 配下の sog_form.php (18) biblioteca/ 配下の sog_save.php (19) calendario/ 配下の cal_insert.php (20) calendario/ 配下の cal_save.php (21) calendario/ 配下の cal_saveactivity.php (22) circolari/cir_save.php (23) modulistica/mdl_save.php. |
| Solution | ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date | Dec. 30, 2009, midnight |
| Registration Date | June 26, 2012, 4:18 p.m. |
| Last Update | June 26, 2012, 4:18 p.m. |
| CVSS2.0 : 危険 | |
| Score | 7.5 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| freeschool |
| freeschool 1.1.0 およびそれ以前 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2012年06月26日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CLASSPATH parameter to (1) bib_form.php, (2) bib_pldetails.php, (3) bib_plform.php, (4) bib_plsearchc.php, (5) bib_plsearchs.php, (6) bib_save.php, (7) bib_searchc.php, (8) bib_searchs.php, (9) edi_form.php, (10) edi_save.php, (11) gen_form.php, (12) gen_save.php, (13) lin_form.php, (14) lin_save.php, (15) luo_form.php, (16) luo_save.php, (17) sog_form.php, or (18) sog_save.php in biblioteca/; (19) cal_insert.php, (20) cal_save.php, or (21) cal_saveactivity.php in calendario/; (22) circolari/cir_save.php; or (23) modulistica/mdl_save.php. |
|---|---|
| Summary | Vulnerabilidad de inclusión remota de archivo PHP en FreeSchool v1.1.0 y anteriores, permite a atacantes remotos ejecutar código PHP de su elección a través de la URL en el parámetro CLASSPATH sobre (1) bib_form.php, (2) bib_pldetails.php, (3) bib_plform.php, (4) bib_plsearchc.php, (5) bib_plsearchs.php, (6) bib_save.php, (7) bib_searchc.php, (8) bib_searchs.php, (9) edi_form.php, (10) edi_save.php, (11) gen_form.php, (12) gen_save.php, (13) lin_form.php, (14) lin_save.php, (15) luo_form.php, (16) luo_save.php, (17) sog_form.php, o (18) sog_save.php en biblioteca/; (19) cal_insert.php, (20) cal_save.php, o (21) cal_saveactivity.php en calendario/; (22) circolari/cir_save.php; o (23) modulistica/mdl_save.php. |
| Publication Date | Dec. 31, 2009, 6:30 a.m. |
| Registration Date | Jan. 29, 2021, 1:27 p.m. |
| Last Update | April 23, 2026, 9:35 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:freeschool:freeschool:*:*:*:*:*:*:*:* | 1.1.0 | ||||