PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:48
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=107696209514155&w=2 - Mailing List, Third Party Advisory | |
References | () http://marc.info/?l=bugtraq&m=107696235424865&w=2 - Mailing List, Third Party Advisory | |
References | () http://marc.info/?l=bugtraq&m=107696291728750&w=2 - Mailing List, Third Party Advisory | |
References | () http://www.osvdb.org/6721 - Broken Link | |
References | () http://www.securityfocus.com/bid/9664 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/15226 - Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/15227 - Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/15228 - Third Party Advisory, VDB Entry |
23 Apr 2024, 19:52
Type | Values Removed | Values Added |
---|---|---|
First Time |
Allmylinks Project
Allmyvisitors Project Allmyguests Project allmyguests Allmyvisitors Project allmyvisitors Allmylinks Project allmylinks Allmyguests Project |
|
CPE | cpe:2.3:a:voice_of_web:allmylinks:0.4:*:*:*:*:*:*:* cpe:2.3:a:voice_of_web:allmylinks:0.4.4:*:*:*:*:*:*:* cpe:2.3:a:voice_of_web:allmyguests:0.4.1:*:*:*:*:*:*:* cpe:2.3:a:voice_of_web:allmyguests:0.1.2:*:*:*:*:*:*:* cpe:2.3:a:voice_of_web:allmyguests:0.4:*:*:*:*:*:*:* cpe:2.3:a:voice_of_web:allmylinks:0.4.9:*:*:*:*:*:*:* cpe:2.3:a:voice_of_web:allmylinks:0.4.1:*:*:*:*:*:*:* cpe:2.3:a:voice_of_web:allmyguests:0.3:*:*:*:*:*:*:* cpe:2.3:a:voice_of_web:allmyvisitors:0.4:*:*:*:*:*:*:* cpe:2.3:a:voice_of_web:allmylinks:0.5:*:*:*:*:*:*:* cpe:2.3:a:voice_of_web:allmylinks:0.3:*:*:*:*:*:*:* cpe:2.3:a:voice_of_web:allmylinks:0.4.3:*:*:*:*:*:*:* |
cpe:2.3:a:allmyguests_project:allmyguests:0.4:*:*:*:*:*:*:* cpe:2.3:a:allmylinks_project:allmylinks:0.4:*:*:*:*:*:*:* cpe:2.3:a:allmyguests_project:allmyguests:0.3:*:*:*:*:*:*:* cpe:2.3:a:allmylinks_project:allmylinks:0.4.1:*:*:*:*:*:*:* cpe:2.3:a:allmyguests_project:allmyguests:0.1.2:*:*:*:*:*:*:* cpe:2.3:a:allmyvisitors_project:allmyvisitors:0.3:*:*:*:*:*:*:* cpe:2.3:a:allmylinks_project:allmylinks:0.5:*:*:*:*:*:*:* cpe:2.3:a:allmylinks_project:allmylinks:0.4.4:*:*:*:*:*:*:* cpe:2.3:a:allmylinks_project:allmylinks:0.4.9:*:*:*:*:*:*:* cpe:2.3:a:allmyguests_project:allmyguests:0.4.1:*:*:*:*:*:*:* cpe:2.3:a:allmyvisitors_project:allmyvisitors:0.4:*:*:*:*:*:*:* cpe:2.3:a:allmylinks_project:allmylinks:0.4.3:*:*:*:*:*:*:* cpe:2.3:a:allmylinks_project:allmylinks:0.3:*:*:*:*:*:*:* |
08 Feb 2024, 02:26
Type | Values Removed | Values Added |
---|---|---|
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/15226 - Third Party Advisory, VDB Entry | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/15228 - Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=107696291728750&w=2 - Mailing List, Third Party Advisory | |
References | (OSVDB) http://www.osvdb.org/6721 - Broken Link | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=107696209514155&w=2 - Mailing List, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/9664 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=107696235424865&w=2 - Mailing List, Third Party Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/15227 - Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-829 |
Information
Published : 2004-11-23 05:00
Updated : 2024-11-20 23:48
NVD link : CVE-2004-0285
Mitre link : CVE-2004-0285
CVE.ORG link : CVE-2004-0285
JSON object : View
Products Affected
allmyguests_project
- allmyguests
allmyvisitors_project
- allmyvisitors
allmylinks_project
- allmylinks
CWE
CWE-829
Inclusion of Functionality from Untrusted Control Sphere