Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1820

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-1820
Last Modified 02 Sep 2013 12:32:20
Published 15 Mar 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1820

Summary

PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.

Vulnerable Systems

Application

  • Warpspeed 4nalbum Module 0.92


References

SECUNIA - 11134

XF - 4nalbum-displaycategory-file-include(15496)

BID - 9881

OSVDB - 4292

BUGTRAQ - 20040315 [waraxe-2004-SA#006 - Multiple vulnerabilities in 4nalbum module for PhpNuke]


Last Updated: 27 May 2016 10:39:12