Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1412

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2003-1412
Last Modified 05 Sep 2008 04:36:52
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2003-1412

Summary

PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.

Vulnerable Systems

Application

  • Gonicus System Administration 1.0


References

XF - gosa-plugin-file-include(11408)

BID - 6922

FULLDISC - 20030223 GOnicus System Administrator php injection

SECTRACK - 1006162

BUGTRAQ - 20030224 GOnicus System Administrator php injection

SECUNIA - 8120


Last Updated: 27 May 2016 10:38:21