Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1412: Code Injection in System Administration

CWE-94: Code Injection | 3 documents | 3 sources

Severity: 6.8 MEDIUM (NVD)
EPSS: 4.7% (top 10.57%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 31 | Latest update Apr 29

Description

PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

🔴 Vulnerability Details (1)

GHSA: GHSA-gpmc-5q92-m4gq: PHP remote file inclusion vulnerability in index (2022-04-29)

💥 Exploits & PoCs (1)

Exploit-DB: GONiCUS System Administrator 1.0 - Remote File Inclusion (2003-02-24)