CVE-2004-0327
published 2004-11-23CVE-2004-0327: Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the…
PriorityP430medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
7.95%
94.0th percentile
Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| skintech | phpnewsmanager | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
phpNewsManager 1.36 - functions Script File Disclosure
exploitdb·2004-02-23
CVE-2004-0327 phpNewsManager 1.36 - functions Script File Disclosure
phpNewsManager 1.36 - functions Script File Disclosure
---
source: https://www.securityfocus.com/bid/9720/info
phpNewsManager is prone to a file disclosure vulnerability. Remote attackers may submit malicious requests to the software that contain directory traversal sequences, potentially exposing sensitive resources outside of the hosting web server root.
http://www.example.com/functions.php?clang=../../../[existing_file]
Exploit-DB
PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (2)
exploitdb·2002-02-03
CVE-2004-0327 PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (2)
PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (2)
---
Exploit-DB
PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (3)
exploitdb·2002-02-03
CVE-2004-0327 PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (3)
PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (3)
---
options(MYSQLI_OPT_LOCAL_INFILE, 1);
$m->set_local_infile_handler("r");
$m->query("LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE a.a");
$m->close();
?>
Exploit-DB
PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (1)
exploitdb·2002-02-03
CVE-2004-0327 PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (1)
PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (1)
---
<?php
/*
source: https://www.securityfocus.com/bid/4026/info
PHP's 'safe_mode' feature may be used to restrict access to certain areas of a filesystem by PHP scripts. However, a problem has been discovered that may allow an attacker to bypass these restrictions to gain unauthorized access to areas of the filesystem that are restricted when PHP 'safe_mode' is enabled.
In particular, the MySQL client library that ships with PHP fails to properly honor 'safe_mode'. As a result, a user can issue a LOAD DATA statement to read files that reside in restricted areas of the filesystem (as determined by 'safe_mode').
*/
/*
PHP Safe Mode Problem
This script will connect to a database server running locally or
otherwise,
cr
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107772470111000&w=2http://www.securityfocus.com/bid/9720http://www.zone-h.org/advisories/read/id=4024https://exchange.xforce.ibmcloud.com/vulnerabilities/15283http://marc.info/?l=bugtraq&m=107772470111000&w=2http://www.securityfocus.com/bid/9720http://www.zone-h.org/advisories/read/id=4024https://exchange.xforce.ibmcloud.com/vulnerabilities/15283
2004-11-23
Published