Vulnerabilities > CVE-2004-0285 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
allmyguests-project
allmylinks-project
allmyvisitors-project
CWE-829
critical
exploit available

Summary

PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.

Exploit-Db

  • descriptionAllMyGuests 0.x info.inc.php Arbitrary Code Execution. CVE-2004-0285. Webapps exploit for php platform
    idEDB-ID:23697
    last seen2016-02-02
    modified2004-02-16
    published2004-02-16
    reporterPablo Santana
    sourcehttps://www.exploit-db.com/download/23697/
    titleAllMyGuests 0.x - info.inc.php Arbitrary Code Execution
  • descriptionAllMyVisitors 0.x info.inc.php Arbitrary Code Execution. CVE-2004-0285. Webapps exploit for php platform
    idEDB-ID:23698
    last seen2016-02-02
    modified2004-02-16
    published2004-02-16
    reporterPablo Santana
    sourcehttps://www.exploit-db.com/download/23698/
    titleAllMyVisitors 0.x info.inc.php Arbitrary Code Execution
  • descriptionAllMyLinks 0.x footer.inc.php Arbitrary Code Execution. CVE-2004-0285. Webapps exploit for php platform
    idEDB-ID:23699
    last seen2016-02-02
    modified2004-02-16
    published2004-02-16
    reporterPablo Santana
    sourcehttps://www.exploit-db.com/download/23699/
    titleAllMyLinks 0.x - footer.inc.php Arbitrary Code Execution