Vulnerabilities > CVE-2004-1592 - Unspecified vulnerability in Ocportal 1.0.3

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

ocportal

nessus

exploit available

NVD

Published: 2004-12-31

Updated: 2024-11-20

Summary

PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script.

Vulnerable Configurations

Part	Description	Count
Application	Ocportal Ocportal Ocportal 1.0.3	1

Exploit-Db

description	ocPortal 1.0.3 Remote File Inclusion. CVE-2004-1592. Webapps exploit for php platform
id	EDB-ID:574
last seen	2016-01-31
modified	2004-10-13
published	2004-10-13
reporter	Exoduks
source	https://www.exploit-db.com/download/574/
title	ocPortal 1.0.3 - Remote File Inclusion

Nessus

NASL family	CGI abuses
NASL id	OCP_PORTAL_FILE_INCLUDE.NASL
description	The remote host is running ocPortal, a content management system written in PHP. There is a bug in the remote version of this software which may allow an attacker to execute arbitrary commands on the remote host by using a file inclusion bug in the file
last seen	2020-06-01
modified	2020-06-02
plugin id	15468
published	2004-10-13
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/15468
title	ocPortal index.php req_path Parameter Remote File Inclusion

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References