Vulnerabilities > CVE-2004-2364 - Unspecified vulnerability in PHPx
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN phpx
exploit available
Summary
Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | Phpx
| 20 |
Exploit-Db
description PHPX 3.x admin/images.php CSRF Arbitrary Command Execution. CVE-2004-2364. Webapps exploit for php platform id EDB-ID:24091 last seen 2016-02-02 modified 2004-05-05 published 2004-05-05 reporter JeiAr source https://www.exploit-db.com/download/24091/ title PHPX 3.x admin/images.php CSRF Arbitrary Command Execution description PHPX 3.x admin/news.php CSRF Arbitrary Command Execution. CVE-2004-2364. Webapps exploit for php platform id EDB-ID:24089 last seen 2016-02-02 modified 2004-05-05 published 2004-05-05 reporter JeiAr source https://www.exploit-db.com/download/24089/ title PHPX 3.x admin/news.php CSRF Arbitrary Command Execution description PHPX 3.x admin/user.php CSRF Arbitrary Command Execution. CVE-2004-2364. Webapps exploit for php platform id EDB-ID:24090 last seen 2016-02-02 modified 2004-05-05 published 2004-05-05 reporter JeiAr source https://www.exploit-db.com/download/24090/ title PHPX 3.x admin/user.php CSRF Arbitrary Command Execution description PHPX 3.x admin/page.php CSRF Arbitrary Command Execution. CVE-2004-2364. Webapps exploit for php platform id EDB-ID:24088 last seen 2016-02-02 modified 2004-05-05 published 2004-05-05 reporter JeiAr source https://www.exploit-db.com/download/24088/ title PHPX 3.x admin/page.php CSRF Arbitrary Command Execution description PHPX < 3.26 - Multiple Vulnerabilities. CVE-2004-2364. Webapps exploit for PHP platform id EDB-ID:43812 last seen 2018-01-24 modified 2004-05-04 published 2004-05-04 reporter Exploit-DB source https://www.exploit-db.com/download/43812/ title PHPX < 3.26 - Multiple Vulnerabilities description PHPX 3.x admin/forums.php CSRF Arbitrary Command Execution. CVE-2004-2364. Webapps exploit for php platform id EDB-ID:24092 last seen 2016-02-02 modified 2004-05-05 published 2004-05-05 reporter JeiAr source https://www.exploit-db.com/download/24092/ title PHPX 3.x admin/forums.php CSRF Arbitrary Command Execution
References
- http://secunia.com/advisories/11554
- http://secunia.com/advisories/11554
- http://securitytracker.com/id?1010061
- http://securitytracker.com/id?1010061
- http://www.osvdb.org/5907
- http://www.osvdb.org/5907
- http://www.osvdb.org/5908
- http://www.osvdb.org/5908
- http://www.osvdb.org/5909
- http://www.osvdb.org/5909
- http://www.osvdb.org/5910
- http://www.osvdb.org/5910
- http://www.osvdb.org/5911
- http://www.osvdb.org/5911
- http://www.phpx.org/project.php?action=view&project_id=1
- http://www.phpx.org/project.php?action=view&project_id=1
- http://www.securityfocus.com/archive/1/362230
- http://www.securityfocus.com/archive/1/362230
- http://www.securityfocus.com/bid/10284
- http://www.securityfocus.com/bid/10284