CVE-2004-2692

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-2692
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://kyberdigi.cz/projects/execdir/english.html Patch
http://seclists.org/fulldisclosure/2004/Jul/0347.html
http://seclists.org/fulldisclosure/2004/Jul/0350.html
http://seclists.org/fulldisclosure/2004/Jul/0357.html
http://secunia.com/advisories/11928 Vendor Advisory
http://www.osvdb.org/7243
http://www.securityfocus.com/bid/10598 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16498
http://kyberdigi.cz/projects/execdir/english.html Patch
http://seclists.org/fulldisclosure/2004/Jul/0347.html
http://seclists.org/fulldisclosure/2004/Jul/0350.html
http://seclists.org/fulldisclosure/2004/Jul/0357.html
http://secunia.com/advisories/11928 Vendor Advisory
http://www.osvdb.org/7243
http://www.securityfocus.com/bid/10598 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16498
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.7:*:*:*:*:*:*:*
History

20 Nov 2024, 23:53

Type Values Removed Values Added
References () http://kyberdigi.cz/projects/execdir/english.html - Patch () http://kyberdigi.cz/projects/execdir/english.html - Patch
References () http://seclists.org/fulldisclosure/2004/Jul/0347.html - () http://seclists.org/fulldisclosure/2004/Jul/0347.html -
References () http://seclists.org/fulldisclosure/2004/Jul/0350.html - () http://seclists.org/fulldisclosure/2004/Jul/0350.html -
References () http://seclists.org/fulldisclosure/2004/Jul/0357.html - () http://seclists.org/fulldisclosure/2004/Jul/0357.html -
References () http://secunia.com/advisories/11928 - Vendor Advisory () http://secunia.com/advisories/11928 - Vendor Advisory
References () http://www.osvdb.org/7243 - () http://www.osvdb.org/7243 -
References () http://www.securityfocus.com/bid/10598 - Exploit, Patch () http://www.securityfocus.com/bid/10598 - Exploit, Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/16498 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/16498 -
Information

Published : 2004-12-31 05:00

Updated : 2024-11-20 23:53

NVD link : CVE-2004-2692

Mitre link : CVE-2004-2692

CVE.ORG link : CVE-2004-2692

JSON object : View

Products Affected

kyberdigi_labs

  • php-exec-dir
CWE
CWE-16

Configuration

CWE-264

Permissions, Privileges, and Access Controls


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024