Vulnerabilities > CVE-2003-1251 - Unspecified vulnerability in NX N X web Content Management System 2002 Prerelease1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description N/X Web Content Management System 2002 Prerelease 1 datasets.php c_path Parameter LFI. CVE-2003-1251. Webapps exploit for php platform id EDB-ID:22116 last seen 2016-02-02 modified 2003-01-02 published 2003-01-02 reporter frog source https://www.exploit-db.com/download/22116/ title N/X Web Content Management System 2002 Prerelease 1 datasets.php c_path Parameter LFI description N/X Web Content Management System 2002 Prerelease 1 menu.inc.php c_path Parameter RFI. CVE-2003-1251. Webapps exploit for php platform id EDB-ID:22115 last seen 2016-02-02 modified 2003-01-02 published 2003-01-02 reporter frog source https://www.exploit-db.com/download/22115/ title N/X Web Content Management System 2002 Prerelease 1 menu.inc.php c_path Parameter RFI
Nessus
| NASL family | CGI abuses |
| NASL id | NX_WEB_CONTENT_FILE_INCLUDE.NASL |
| description | It is possible to make the remote host include PHP files hosted on a third-party server using N/X Web content management system. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11233 |
| published | 2003-02-17 |
| reporter | This script is Copyright (C) 2003-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/11233 |
| title | N/X Web Content Management Multiple Script Remote File Inclusion |
References
- http://archives.neohapsis.com/archives/bugtraq/2003-01/0005.html
- http://archives.neohapsis.com/archives/bugtraq/2003-01/0005.html
- http://secunia.com/advisories/7808
- http://secunia.com/advisories/7808
- http://www.iss.net/security_center/static/10969.php
- http://www.iss.net/security_center/static/10969.php
- http://www.securityfocus.com/bid/6500
- http://www.securityfocus.com/bid/6500