CVE-2004-2364
Published 2004-12-31
Priority P4 · 30 · medium · CVSS 2.0 base score 5 (vector AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploit: EPSS 10.71% (95.3rd percentile)
Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.
Affected (20 ranges listed, all phpx/phpx with no version bounds or fix versions recorded)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpx | phpx | — | — |
No detection rules found.
Exploit-DB
- PHPX 3.x - '/news.php' Cross-Site Request Forgery / Arbitrary Command Execution (exploitdb · 2004-05-05 · CVE-2004-2364)
- PHPX 3.x - '/user.php' Cross-Site Request Forgery / Arbitrary Command Execution (exploitdb · 2004-05-05 · CVE-2004-2364)
- PHPX 3.x - '/forums.php' Cross-Site Request Forgery / Arbitrary Command Execution (exploitdb · 2004-05-05 · CVE-2004-2364)
- PHPX 3.x - '/page.php' Cross-Site Request Forgery / Arbitrary Command Execution (exploitdb · 2004-05-05 · CVE-2004-2364)
- PHPX 3.x - '/images.php' Cross-Site Request Forgery / Arbitrary Command Execution (exploitdb · 2004-05-05 · CVE-2004-2364)

All five entries carry the same advisory text, source: https://www.securityfocus.com/bid/10284/info

It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands.
This issue could permit a remote attacker to create a malicious URI link or embed a malicious URI between bbCode image tags, which includes hostile HTML and script code. If an unsuspecting forum administrator activated this URI, the attacker-supplied command would be carried out with the administrator's privileges. This would occur in the security context of the affected web site and would cause various administrator actions to be taken.
Exploit-DB
PHPX < 3.26 - Multiple Vulnerabilities (exploitdb · 2004-05-04 · CVE-2004-2364 · CVSS 5.0 [MEDIUM])

Filter function quoted in the posting (the opening of the function and the first entries of the blacklist array are cut off in the source; the function name below is a placeholder):

```php
function checkRequestUri()
{
    // Blacklist of substrings rejected anywhere in the raw request URI.
    // Earlier array entries are truncated in the source.
    $checkArray = array(/* ... */ "<", "(", ")");
    foreach ($checkArray as $c) {
        // substr_count() is applied to $_SERVER["REQUEST_URI"] as received,
        // i.e. before any URL decoding, so only literal characters are matched.
        if (substr_count($_SERVER["REQUEST_URI"], $c)) {
            die("HACK ATTEMPT");
        }
    }
}
```
As you can see from this function, only a few items are to be stripped from the URI. This can easily be circumvented by hex-encoding the script and then sending the requests to a vulnerable file. Below are just a few examples.
```text
forums.php?forum_id=[VID]&limit=25%3Ciframe%3E
forums.php?forum_id=[VID]&topic_id=[VID]&limit=15%3Ciframe%3E
users.php?action=&limit=100%3Ciframe%3E
users.php?action=view&user_id=[VID]%3E%3Ciframe%3E
forums.php?action=post&forum_id=[VID]%3E%3Ciframe%3E
forums.php?action=search&search_id=[VID]&limit=25%3E%3Ciframe%3E
users.php?action=email&user_id=%3E%3Ciframe%3E
users.php?action=view&user_id=[VID]%3E%3Ciframe%3E
forums.php?forum_id=[VID]%3E%3Cif
```
No writeups or analysis indexed.
References
- http://secunia.com/advisories/11554
- http://securitytracker.com/id?1010061
- http://www.osvdb.org/5907
- http://www.osvdb.org/5908
- http://www.osvdb.org/5909
- http://www.osvdb.org/5910
- http://www.osvdb.org/5911
- http://www.phpx.org/project.php?action=view&project_id=1
- http://www.securityfocus.com/archive/1/362230
- http://www.securityfocus.com/bid/10284