CVE-2004-0068

UNKNOWN

PHP remote file inclusion vulnerability in config

Published Sep 1, 2004

Modified 1 years ago

No fix available

Details

PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.

References

WEBhttp://marc.info/?l=bugtraq&m=107412194008671&w=2 WEBhttp://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393 WEBhttp://www.securityfocus.com/bid/9424 WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/14826 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2004-0068

CVSS Analysis

CVSS v2.0

7.5

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

PartialC:P

Integrity

PartialI:P

Availability

PartialA:P

7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P

Ecosystems

Timeline

PublishedSep 1, 2004

ModifiedAug 8, 2024