Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1148

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-1148
Last Modified 05 Sep 2008 04:36:10
Published 25 Oct 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1148

Summary

Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.

Vulnerable Systems

Application

  • Les Visiteurs 2.0.1


References

XF - les-visiteurs-file-include(13529)

OSVDB - 3586

SECTRACK - 1008011

BUGTRAQ - 20031026 Les Visiteurs v2.0.1 code injection vulnerability

BID - 8902

OSVDB - 2717

SECTRACK - 1017065

SECUNIA - 10079


Last Updated: 27 May 2016 10:38:14