Vulnerabilities > CVE-2004-0285 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
allmyguests-project
allmylinks-project
allmyvisitors-project
CWE-829
critical
exploit available
NVD
Published: 2004-11-23
Updated: 2024-04-23

Summary

PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.

Vulnerable Configurations

Part Description Count
Application
Allmyguests_Project
4
Application
Allmylinks_Project
7
Application
Allmyvisitors_Project
2

Common Weakness Enumeration (CWE)

Exploit-Db

  • descriptionAllMyGuests 0.x info.inc.php Arbitrary Code Execution. CVE-2004-0285. Webapps exploit for php platform
    idEDB-ID:23697
    last seen2016-02-02
    modified2004-02-16
    published2004-02-16
    reporterPablo Santana
    sourcehttps://www.exploit-db.com/download/23697/
    titleAllMyGuests 0.x - info.inc.php Arbitrary Code Execution
  • descriptionAllMyVisitors 0.x info.inc.php Arbitrary Code Execution. CVE-2004-0285. Webapps exploit for php platform
    idEDB-ID:23698
    last seen2016-02-02
    modified2004-02-16
    published2004-02-16
    reporterPablo Santana
    sourcehttps://www.exploit-db.com/download/23698/
    titleAllMyVisitors 0.x info.inc.php Arbitrary Code Execution
  • descriptionAllMyLinks 0.x footer.inc.php Arbitrary Code Execution. CVE-2004-0285. Webapps exploit for php platform
    idEDB-ID:23699
    last seen2016-02-02
    modified2004-02-16
    published2004-02-16
    reporterPablo Santana
    sourcehttps://www.exploit-db.com/download/23699/
    titleAllMyLinks 0.x - footer.inc.php Arbitrary Code Execution

References