Vulnerabilities > CVE-2005-0862 - Remote File Include vulnerability in PHPopenchat 2.3.4/3.0.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
description PHPOpenChat 2.3.4/3.0.1 poc_loginform.php phpbb_root_path Parameter Remote File Inclusion. CVE-2005-0862. Webapps exploit for php platform id EDB-ID:25227 last seen 2016-02-03 modified 2005-03-15 published 2005-03-15 reporter Albania Security Clan source https://www.exploit-db.com/download/25227/ title PHPOpenChat 2.3.4/3.0.1 PoC_loginform.php phpbb_root_path Parameter Remote File Inclusion description PHPOpenChat 2.3.4/3.0.1 ENGLISH_poc.php Remote File Inclusion. CVE-2005-0862. Webapps exploit for php platform id EDB-ID:25229 last seen 2016-02-03 modified 2005-03-15 published 2005-03-15 reporter Albania Security Clan source https://www.exploit-db.com/download/25229/ title PHPOpenChat 2.3.4/3.0.1 ENGLISH_poc.php Remote File Inclusion
References
- http://secunia.com/advisories/14600
- http://securitytracker.com/id?1013434
- http://www.albanianhaxorz.org/advisory/phpopenchaten.txt
- http://www.osvdb.org/14807
- http://www.osvdb.org/14808
- http://www.osvdb.org/14809
- http://www.securityfocus.com/archive/1/465237/100/0/threaded
- http://www.securityfocus.com/bid/12817
- http://www.zone-h.org/advisories/read/id=7310
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19721