Vulnerabilities > CVE-2004-1573

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

aj-fork

cutephp

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator.

Vulnerable Configurations

Part	Description	Count
Application	Aj-Fork AJ Fork AJ Fork 167	1
Application	Cutephp Cutephp Cutenews 0.88 Cutephp Cutenews 1.3 Cutephp Cutenews 1.3.1 Cutephp Cutenews 1.3.2 Cutephp Cutenews 1.3.6	5

References

http://echo.or.id/adv/adv07-y3dips-2004.txt
http://marc.info/?l=bugtraq&m=109664986210763&w=2
http://securitytracker.com/id?1011484
http://www.securityfocus.com/bid/11301
https://exchange.xforce.ibmcloud.com/vulnerabilities/17571

Vulnerabilities > CVE-2004-1573 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2004-1573"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2004-1573