Vulnerabilities > CVE-2004-0073 - Remote PHP File Include vulnerability in Stoitsov Easydynamicpages 2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | EasyDynamicPages 1.0 config_page.php Remote PHP File Include Vulnerability. CVE-2004-0073 . Webapps exploit for php platform |
| id | EDB-ID:23507 |
| last seen | 2016-02-02 |
| modified | 2004-01-02 |
| published | 2004-01-02 |
| reporter | tsbeginnervn |
| source | https://www.exploit-db.com/download/23507/ |
| title | EasyDynamicPages 1.0 config_page.php Remote PHP File Include Vulnerability |
Nessus
| NASL family | CGI abuses |
| NASL id | EASYDYNAMICPAGES_CODE_INJECTION.NASL |
| description | The remote host is running EasyDynamicPages, a set of PHP scripts designed to help web publication. It is possible with this suite to make the remote host include PHP files hosted on a third-party server. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11976 |
| published | 2004-01-02 |
| reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/11976 |
| title | EasyDynamicPages Multiple Script edp_relative_path Parameter Remote File Inclusion |