Vulnerabilities > CVE-2003-1148 - Remote File Include vulnerability in LES Visiteurs LES Visiteurs 2.0.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Les Visiteurs 2.0 Remote File Include. CVE-2003-1148. Webapps exploit for php platform |
id | EDB-ID:23302 |
last seen | 2016-02-02 |
modified | 2003-10-27 |
published | 2003-10-27 |
reporter | Matthieu Peschaud |
source | https://www.exploit-db.com/download/23302/ |
title | Les Visiteurs 2.0 - Remote File Include |
Nessus
NASL family | CGI abuses |
NASL id | LES_VISITEURS.NASL |
description | The remote |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11911 |
published | 2003-10-27 |
reporter | This script is Copyright (C) 2003-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/11911 |
title | Les Visiteurs Multiple Remote File Inclusion |
References
- http://archives.neohapsis.com/archives/bugtraq/2003-10/0262.html
- http://secunia.com/advisories/10079
- http://securitytracker.com/id?1008011
- http://securitytracker.com/id?1017065
- http://www.osvdb.org/2717
- http://www.osvdb.org/3586
- http://www.securityfocus.com/bid/8902
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13529