Vulnerability Details : CVE-2011-5136
showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allows remote attackers to overwrite arbitrary files via the db parameter.
Vulnerability category: Input validation
Products affected by CVE-2011-5136
- cpe:2.3:a:epractizelabs:subscription_manager:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-5136
- EPSS score: 0.54% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~77% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-5136
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P | 10.0 | 4.9 | NIST |
CWE ids for CVE-2011-5136
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. (Assigned by: nvd@nist.gov, Primary)
Vendor statements for CVE-2011-5136
- EPractize Labs Software, 2012-11-29: The PHP is used for tracking open email report in Email Marketing Software Express. It will not be called in any of your free subscription manager PHPs. We removed showImg.php from the latest version. You can verify at http://www.epractizelabs.com/email-marketing/subscription-manager.html (click download, extract and verify the contents).
References for CVE-2011-5136
- http://seclists.org/fulldisclosure/2011/Dec/125 (Full Disclosure: Backdoor in EPractize Labs Online Subscription Manager from epractizelabs.com) [Exploit]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71630 (EPractize Labs Subscription Manager showImg.php code execution) [Vulnerability Report]