9.8

CVE-2004-0285

Exploit
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Allmyguests ProjectAllmyguests Version0.1.2
Allmyguests ProjectAllmyguests Version0.4.1
Allmylinks ProjectAllmylinks Version0.4.1
Allmylinks ProjectAllmylinks Version0.4.3
Allmylinks ProjectAllmylinks Version0.4.4
Allmylinks ProjectAllmylinks Version0.4.9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 29.93% 0.962
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-829 Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

http://marc.info/?l=bugtraq&m=107696209514155&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=107696235424865&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=107696291728750&w=2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/9664
Patch
Third Party Advisory
Vendor Advisory
Exploit
Broken Link
VDB Entry