Vulnerabilities > CVE-2003-1292 - Remote File Include vulnerability in Ashwebstudio Ashnews 0.83
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | ashNews 0.83 (pathtoashnews) Remote File Include Vulnerabilities. CVE-2003-1292. Webapps exploit for php platform |
file | exploits/php/webapps/1864.txt |
id | EDB-ID:1864 |
last seen | 2016-01-31 |
modified | 2006-06-02 |
platform | php |
port | |
published | 2006-06-02 |
reporter | Kacper |
source | https://www.exploit-db.com/download/1864/ |
title | ashNews 0.83 pathtoashnews Remote File Include Vulnerabilities |
type | webapps |
Nessus
NASL family | CGI abuses |
NASL id | PHPGROUPWARE_FILE_INCLUDE.NASL |
description | It is possible to make the remote host include php files hosted on a third-party server using Ashnews. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. In addition, the application reportedly fails to sanitize the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11799 |
published | 2003-07-22 |
reporter | This script is Copyright (C) 2003-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/11799 |
title | ashNews 0.83 Multiple Vulnerabilities |
code |
|
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html
- http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html
- http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0980.html
- http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0
- http://secunia.com/advisories/9331
- http://www.securityfocus.com/archive/1/329910
- http://www.securityfocus.com/bid/16436
- http://www.securityfocus.com/bid/18248
- https://www.exploit-db.com/exploits/1864