CVE-2004-1796

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.

Ссылки

http://secunia.com/advisories/10551
Patch
http://securitytracker.com/id?1008608
Exploit
Patch
http://sourceforge.net/forum/forum.php?forum_id=342594
Patch
http://www.osvdb.org/3332
http://www.osvdb.org/3405
http://www.securityfocus.com/archive/1/348840
Exploit
Patch
http://www.securityfocus.com/bid/9357
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/14140
http://secunia.com/advisories/10551
Patch
http://securitytracker.com/id?1008608
Exploit
Patch
http://sourceforge.net/forum/forum.php?forum_id=342594
Patch
http://www.osvdb.org/3332
http://www.osvdb.org/3405
http://www.securityfocus.com/archive/1/348840
Exploit
Patch
http://www.securityfocus.com/bid/9357
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/14140

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hotnews:hotnews:0.5.3:*:*:*:*:*:*:*

cpe:2.3:a:hotnews:hotnews:0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:hotnews:hotnews:0.6.0_pre:*:*:*:*:*:*:*

cpe:2.3:a:hotnews:hotnews:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:hotnews:hotnews:0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:hotnews:hotnews:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:hotnews:hotnews:0.7.2:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13241

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-rphj-cr7q-54vg

github

больше 3 лет назад