Vulnerabilities > CVE-2004-0285 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Voice of web Allmyguests, Allmylinks and Allmyvisitors
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description AllMyGuests 0.x info.inc.php Arbitrary Code Execution. CVE-2004-0285. Webapps exploit for php platform id EDB-ID:23697 last seen 2016-02-02 modified 2004-02-16 published 2004-02-16 reporter Pablo Santana source https://www.exploit-db.com/download/23697/ title AllMyGuests 0.x - info.inc.php Arbitrary Code Execution description AllMyVisitors 0.x info.inc.php Arbitrary Code Execution. CVE-2004-0285. Webapps exploit for php platform id EDB-ID:23698 last seen 2016-02-02 modified 2004-02-16 published 2004-02-16 reporter Pablo Santana source https://www.exploit-db.com/download/23698/ title AllMyVisitors 0.x info.inc.php Arbitrary Code Execution description AllMyLinks 0.x footer.inc.php Arbitrary Code Execution. CVE-2004-0285. Webapps exploit for php platform id EDB-ID:23699 last seen 2016-02-02 modified 2004-02-16 published 2004-02-16 reporter Pablo Santana source https://www.exploit-db.com/download/23699/ title AllMyLinks 0.x - footer.inc.php Arbitrary Code Execution
References
- http://www.securityfocus.com/bid/9664
- http://www.osvdb.org/6721
- http://marc.info/?l=bugtraq&m=107696209514155&w=2
- http://marc.info/?l=bugtraq&m=107696291728750&w=2
- http://marc.info/?l=bugtraq&m=107696235424865&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15228
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15227
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15226