Vulnerabilities > CVE-2003-1086 - Unspecified vulnerability in Pmachine Free and Pmachine PRO
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | PMachine 2.2.1 Lib.Inc.PHP Remote Include Command Execution Vulnerability. CVE-2003-1086. Webapps exploit for php platform |
id | EDB-ID:22776 |
last seen | 2016-02-02 |
modified | 2003-06-15 |
published | 2003-06-15 |
reporter | frog |
source | https://www.exploit-db.com/download/22776/ |
title | PMachine 2.2.1 Lib.Inc.PHP Remote Include Command Execution Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | PMACHINE_CODE_INJECTION.NASL |
description | It is possible to make the remote host include PHP files hosted on a third-party server using the pmachine CGI suite which is installed. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11739 |
published | 2003-06-16 |
reporter | This script is Copyright (C) 2003-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/11739 |
title | pMachine lib.inc.php pm_path Parameter Remote File Inclusion |
code |
|