Vulnerabilities > CVE-2004-1796 - Unspecified vulnerability in Hotnews
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
Exploit-Db
description HotNews 0.x hotnews-engine.inc.php3 config[header] Parameter Remote File Inclusion. CVE-2004-1796. Webapps exploit for php platform id EDB-ID:23517 last seen 2016-02-02 modified 2004-01-05 published 2004-01-05 reporter Officerrr source https://www.exploit-db.com/download/23517/ title HotNews 0.x - hotnews-engine.inc.php3 configheader Parameter Remote File Inclusion description HotNews 0.x config[incdir] Parameter Remote File Inclusion. CVE-2004-1796. Webapps exploit for php platform id EDB-ID:23518 last seen 2016-02-02 modified 2004-01-05 published 2004-01-05 reporter Officerrr source https://www.exploit-db.com/download/23518/ title HotNews 0.x - configincdir Parameter Remote File Inclusion description HotNews 0.7.2 Remote File Inclusion. CVE-2004-1796. Webapps exploit for php platform id EDB-ID:12160 last seen 2016-02-01 modified 2010-04-11 published 2010-04-11 reporter team_elite source https://www.exploit-db.com/download/12160/ title HotNews 0.7.2 - Remote File Inclusion
Nessus
NASL family | CGI abuses |
NASL id | HOTNEWS_CODE_INJECTION.NASL |
description | The remote host is running HotNews, a set of PHP scripts designed to set up a newssystem for web pages. It is possible this suite to make the remote host include php files hosted on a third-party server. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11979 |
published | 2004-01-05 |
reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/11979 |
title | HotNews Multiple Script Remote File Inclusion |
code |
|
References
- http://secunia.com/advisories/10551
- http://secunia.com/advisories/10551
- http://securitytracker.com/id?1008608
- http://securitytracker.com/id?1008608
- http://sourceforge.net/forum/forum.php?forum_id=342594
- http://sourceforge.net/forum/forum.php?forum_id=342594
- http://www.osvdb.org/3332
- http://www.osvdb.org/3332
- http://www.osvdb.org/3405
- http://www.osvdb.org/3405
- http://www.securityfocus.com/archive/1/348840
- http://www.securityfocus.com/archive/1/348840
- http://www.securityfocus.com/bid/9357
- http://www.securityfocus.com/bid/9357
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14140
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14140