PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html | Exploit Vendor Advisory |
http://www.iss.net/security_center/static/11009.php | |
http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html | Exploit Vendor Advisory |
http://www.iss.net/security_center/static/11009.php |
Configurations
History
20 Nov 2024, 23:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html - Exploit, Vendor Advisory | |
References | () http://www.iss.net/security_center/static/11009.php - |
Information
Published : 2003-12-31 05:00
Updated : 2024-11-20 23:46
NVD link : CVE-2003-1253
Mitre link : CVE-2003-1253
CVE.ORG link : CVE-2003-1253
JSON object : View
Products Affected
sangwan_kim
- bookmark4u
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')