Vulnerabilities > CVE-2003-1251 - Remote File Include vulnerability in NX N X web Content Management System 2002 Prerelease1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
nx
nessus
exploit available

Summary

The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code.

Vulnerable Configurations

Part Description Count
Application
Nx
1

Exploit-Db

  • descriptionN/X Web Content Management System 2002 Prerelease 1 datasets.php c_path Parameter LFI. CVE-2003-1251. Webapps exploit for php platform
    idEDB-ID:22116
    last seen2016-02-02
    modified2003-01-02
    published2003-01-02
    reporterfrog
    sourcehttps://www.exploit-db.com/download/22116/
    titleN/X Web Content Management System 2002 Prerelease 1 datasets.php c_path Parameter LFI
  • descriptionN/X Web Content Management System 2002 Prerelease 1 menu.inc.php c_path Parameter RFI. CVE-2003-1251. Webapps exploit for php platform
    idEDB-ID:22115
    last seen2016-02-02
    modified2003-01-02
    published2003-01-02
    reporterfrog
    sourcehttps://www.exploit-db.com/download/22115/
    titleN/X Web Content Management System 2002 Prerelease 1 menu.inc.php c_path Parameter RFI

Nessus

NASL familyCGI abuses
NASL idNX_WEB_CONTENT_FILE_INCLUDE.NASL
descriptionIt is possible to make the remote host include PHP files hosted on a third-party server using N/X Web content management system. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server.
last seen2020-06-01
modified2020-06-02
plugin id11233
published2003-02-17
reporterThis script is Copyright (C) 2003-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/11233
titleN/X Web Content Management Multiple Script Remote File Inclusion