Vulnerabilities > CVE-2005-0698 - Remote File Include vulnerability in Jason Hines PHPWebLog

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

jason-hines

exploit available

NVD

Published: 2005-03-07

Updated: 2008-09-05

Summary

PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) G_PATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code.

Vulnerable Configurations

Part	Description	Count
Application	Jason_Hines Jason Hines Phpweblog 0.4.2 Jason Hines Phpweblog 0.5 Jason Hines Phpweblog 0.5.1 Jason Hines Phpweblog 0.5.2 Jason Hines Phpweblog 0.5.3	5

Exploit-Db

description	phpWebLog <= 0.5.3 Arbitrary File Inclusion. CVE-2005-0698. Webapps exploit for php platform
id	EDB-ID:864
last seen	2016-01-31
modified	2005-03-07
published	2005-03-07
reporter	Filip Groszynski
source	https://www.exploit-db.com/download/864/
title	phpWebLog <= 0.5.3 - Arbitrary File Inclusion

Summary

Vulnerable Configurations

Exploit-Db

References