CVE-2007-2260

critical

Description

Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.

References

http://www.securityfocus.com/archive/1/466683/100/0/threaded

http://securityreason.com/securityalert/2624

http://osvdb.org/35633

http://osvdb.org/35632

http://osvdb.org/35631

http://osvdb.org/35630

http://osvdb.org/35629

http://osvdb.org/35628

http://osvdb.org/35627

http://osvdb.org/35626

http://osvdb.org/35625

http://osvdb.org/35624

http://osvdb.org/35623

http://osvdb.org/35622

http://osvdb.org/35621

Details

Source: Mitre, NVD

Published: 2007-04-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01951