7.5
CVSSv2

CVE-2012-1199

Published: 18/02/2012 Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 940
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to base_ag_main.php, (2) base_db_setup.php, (3) base_graph_common.php, (4) base_graph_display.php, (5) base_graph_form.php, (6) base_graph_main.php, (7) base_local_rules.php, (8) base_logout.php, (9) base_main.php, (10) base_maintenance.php, (11) base_payload.php, (12) base_qry_alert.php, (13) base_qry_common.php, (14) base_qry_main.php, (15) base_stat_alerts.php, (16) base_stat_class.php, (17) base_stat_common.php, (18) base_stat_ipaddr.php, (19) base_stat_iplink.php, (20) base_stat_ports.php, (21) base_stat_sensor.php, (22) base_stat_time.php, (23) base_stat_uaddr.php, (24) base_user.php, (25) index.php, (26) admin/base_roleadmin.php, (27) admin/base_useradmin.php, (28) admin/index.php, (29) help/base_setup_help.php, (30) includes/base_action.inc.php, (31) includes/base_cache.inc.php, (32) includes/base_db.inc.php, (33) includes/base_db.inc.php, (34) includes/base_include.inc.php, (35) includes/base_output_html.inc.php, (36) includes/base_output_query.inc.php, (37) includes/base_state_criteria.inc.php, (38) includes/base_state_query.inc.php or (39) setup/base_conf_contents.php; (40) GLOBALS[user_session_path] parameter to includes/base_state_common.inc.php; (41) BASE_Language parameter to setup/base_conf_contents.php; or (42) ado_inc_php parameter to setup/setup2.php.

Affected Products

Vendor Product Versions
SecureideasBasic Analysis And Security Engine1.4.5

Exploits

source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary sc ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver proc ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the conte ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbi ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the c ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process T ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver pr ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process This ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver proces ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script c ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webs ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary scri ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process This may allo ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrar ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script cod ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process This may al ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process This ma ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in t ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process This may ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserve ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context o ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of th ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process Thi ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the we ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitr ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the con ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webser ...
source: wwwsecurityfocuscom/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process This may allow ...