Vulnerabilities > CVE-2004-0285 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH network
low complexity
allmyguests-project
allmylinks-project
allmyvisitors-project
CWE-829
critical
exploit available
Summary
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 | |
Application | 7 | |
Application | 2 |
Common Weakness Enumeration (CWE)
Exploit-Db
description AllMyGuests 0.x info.inc.php Arbitrary Code Execution. CVE-2004-0285. Webapps exploit for php platform id EDB-ID:23697 last seen 2016-02-02 modified 2004-02-16 published 2004-02-16 reporter Pablo Santana source https://www.exploit-db.com/download/23697/ title AllMyGuests 0.x - info.inc.php Arbitrary Code Execution description AllMyVisitors 0.x info.inc.php Arbitrary Code Execution. CVE-2004-0285. Webapps exploit for php platform id EDB-ID:23698 last seen 2016-02-02 modified 2004-02-16 published 2004-02-16 reporter Pablo Santana source https://www.exploit-db.com/download/23698/ title AllMyVisitors 0.x info.inc.php Arbitrary Code Execution description AllMyLinks 0.x footer.inc.php Arbitrary Code Execution. CVE-2004-0285. Webapps exploit for php platform id EDB-ID:23699 last seen 2016-02-02 modified 2004-02-16 published 2004-02-16 reporter Pablo Santana source https://www.exploit-db.com/download/23699/ title AllMyLinks 0.x - footer.inc.php Arbitrary Code Execution
References
- http://marc.info/?l=bugtraq&m=107696209514155&w=2
- http://marc.info/?l=bugtraq&m=107696209514155&w=2
- http://marc.info/?l=bugtraq&m=107696235424865&w=2
- http://marc.info/?l=bugtraq&m=107696235424865&w=2
- http://marc.info/?l=bugtraq&m=107696291728750&w=2
- http://marc.info/?l=bugtraq&m=107696291728750&w=2
- http://www.osvdb.org/6721
- http://www.osvdb.org/6721
- http://www.securityfocus.com/bid/9664
- http://www.securityfocus.com/bid/9664
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15227
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15227
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15228
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15228