CVE-2004-0285

PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.
References
Link Resource
http://marc.info/?l=bugtraq&m=107696209514155&w=2 Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=107696235424865&w=2 Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=107696291728750&w=2 Mailing List Third Party Advisory
http://www.osvdb.org/6721 Broken Link
http://www.securityfocus.com/bid/9664 Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15226 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/15227 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/15228 Third Party Advisory VDB Entry
http://marc.info/?l=bugtraq&m=107696209514155&w=2 Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=107696235424865&w=2 Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=107696291728750&w=2 Mailing List Third Party Advisory
http://www.osvdb.org/6721 Broken Link
http://www.securityfocus.com/bid/9664 Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15226 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/15227 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/15228 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:allmyguests_project:allmyguests:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:allmyguests_project:allmyguests:0.3:*:*:*:*:*:*:*
cpe:2.3:a:allmyguests_project:allmyguests:0.4:*:*:*:*:*:*:*
cpe:2.3:a:allmyguests_project:allmyguests:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.3:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4.9:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.5:*:*:*:*:*:*:*
cpe:2.3:a:allmyvisitors_project:allmyvisitors:0.3:*:*:*:*:*:*:*
cpe:2.3:a:allmyvisitors_project:allmyvisitors:0.4:*:*:*:*:*:*:*

History

20 Nov 2024, 23:48

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=107696209514155&w=2 - Mailing List, Third Party Advisory () http://marc.info/?l=bugtraq&m=107696209514155&w=2 - Mailing List, Third Party Advisory
References () http://marc.info/?l=bugtraq&m=107696235424865&w=2 - Mailing List, Third Party Advisory () http://marc.info/?l=bugtraq&m=107696235424865&w=2 - Mailing List, Third Party Advisory
References () http://marc.info/?l=bugtraq&m=107696291728750&w=2 - Mailing List, Third Party Advisory () http://marc.info/?l=bugtraq&m=107696291728750&w=2 - Mailing List, Third Party Advisory
References () http://www.osvdb.org/6721 - Broken Link () http://www.osvdb.org/6721 - Broken Link
References () http://www.securityfocus.com/bid/9664 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory () http://www.securityfocus.com/bid/9664 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/15226 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/15226 - Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/15227 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/15227 - Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/15228 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/15228 - Third Party Advisory, VDB Entry

23 Apr 2024, 19:52

Type Values Removed Values Added
First Time Allmylinks Project
Allmyvisitors Project
Allmyguests Project allmyguests
Allmyvisitors Project allmyvisitors
Allmylinks Project allmylinks
Allmyguests Project
CPE cpe:2.3:a:voice_of_web:allmyvisitors:0.3:*:*:*:*:*:*:*
cpe:2.3:a:voice_of_web:allmylinks:0.4:*:*:*:*:*:*:*
cpe:2.3:a:voice_of_web:allmylinks:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:voice_of_web:allmyguests:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:voice_of_web:allmyguests:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:voice_of_web:allmyguests:0.4:*:*:*:*:*:*:*
cpe:2.3:a:voice_of_web:allmylinks:0.4.9:*:*:*:*:*:*:*
cpe:2.3:a:voice_of_web:allmylinks:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:voice_of_web:allmyguests:0.3:*:*:*:*:*:*:*
cpe:2.3:a:voice_of_web:allmyvisitors:0.4:*:*:*:*:*:*:*
cpe:2.3:a:voice_of_web:allmylinks:0.5:*:*:*:*:*:*:*
cpe:2.3:a:voice_of_web:allmylinks:0.3:*:*:*:*:*:*:*
cpe:2.3:a:voice_of_web:allmylinks:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:allmyguests_project:allmyguests:0.4:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4:*:*:*:*:*:*:*
cpe:2.3:a:allmyguests_project:allmyguests:0.3:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:allmyguests_project:allmyguests:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:allmyvisitors_project:allmyvisitors:0.3:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.5:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4.9:*:*:*:*:*:*:*
cpe:2.3:a:allmyguests_project:allmyguests:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:allmyvisitors_project:allmyvisitors:0.4:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.3:*:*:*:*:*:*:*

08 Feb 2024, 02:26

Type Values Removed Values Added
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/15226 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/15226 - Third Party Advisory, VDB Entry
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/15228 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/15228 - Third Party Advisory, VDB Entry
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=107696291728750&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=107696291728750&w=2 - Mailing List, Third Party Advisory
References (OSVDB) http://www.osvdb.org/6721 - (OSVDB) http://www.osvdb.org/6721 - Broken Link
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=107696209514155&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=107696209514155&w=2 - Mailing List, Third Party Advisory
References (BID) http://www.securityfocus.com/bid/9664 - Exploit, Patch, Vendor Advisory (BID) http://www.securityfocus.com/bid/9664 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=107696235424865&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=107696235424865&w=2 - Mailing List, Third Party Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/15227 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/15227 - Third Party Advisory, VDB Entry
CVSS v2 : 7.5
v3 : unknown
v2 : 7.5
v3 : 9.8
CWE CWE-94 CWE-829

Information

Published : 2004-11-23 05:00

Updated : 2024-11-20 23:48


NVD link : CVE-2004-0285

Mitre link : CVE-2004-0285

CVE.ORG link : CVE-2004-0285


JSON object : View

Products Affected

allmyguests_project

  • allmyguests

allmyvisitors_project

  • allmyvisitors

allmylinks_project

  • allmylinks
CWE
CWE-829

Inclusion of Functionality from Untrusted Control Sphere