Search...

CVE-2004-0068

2004-02-17T05:00:00

ID CVE-2004-0068
Type cve
Reporter cve@mitre.org
Modified 2017-10-10T01:30:00

Description

PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.

JSON Vulners Source

Initial Source

{"id": "CVE-2004-0068", "bulletinFamily": "NVD", "title": "CVE-2004-0068", "description": "PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.", "published": "2004-02-17T05:00:00", "modified": "2017-10-10T01:30:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0068", "reporter": "cve@mitre.org", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/14826", "http://marc.info/?l=bugtraq&m=107412194008671&w=2", "http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393", "http://www.securityfocus.com/bid/9424"], "cvelist": ["CVE-2004-0068"], "type": "cve", "lastseen": "2021-02-02T05:22:57", "edition": 6, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:3505"]}, {"type": "nessus", "idList": ["PHPDIG_CODE_INJECTION.NASL"]}], "modified": "2021-02-02T05:22:57", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2021-02-02T05:22:57", "rev": 2}, "vulnersScore": 7.4}, "cpe": ["cpe:/a:phpdig.net:phpdig:1.6.5"], "affectedSoftware": [{"cpeName": "phpdig.net:phpdig", "name": "phpdig.net phpdig", "operator": "le", "version": "1.6.5"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:phpdig.net:phpdig:1.6.5:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:phpdig.net:phpdig:1.6.5:*:*:*:*:*:*:*", "versionEndIncluding": "1.6.5", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393", "refsource": "CONFIRM", "tags": ["Patch"], "url": "http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393"}, {"name": "phpdig-config-file-include(14826)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14826"}, {"name": "20040114 PhpDig 1.6.x: remote command execution", "refsource": "BUGTRAQ", "tags": [], "url": "http://marc.info/?l=bugtraq&m=107412194008671&w=2"}, {"name": "9424", "refsource": "BID", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9424"}]}

{"osvdb": [{"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "cvelist": ["CVE-2004-0068"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:10638](https://secuniaresearch.flexerasoftware.com/advisories/10638/)\n[CVE-2004-0068](https://vulners.com/cve/CVE-2004-0068)\n", "modified": "2004-01-15T06:39:16", "published": "2004-01-15T06:39:16", "href": "https://vulners.com/osvdb/OSVDB:3505", "id": "OSVDB:3505", "title": "PhpDig relative_script_path Arbitrary File Inclusion\n ", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-20T13:26:24", "description": "The remote host is running phpdig, an http search engine written in PHP.\nThere is a flaw in this product that could allow an attacker to execute\narbitrary PHP code on this by forcing this set of CGI to include a PHP\nscript hosted on a third-party host.", "edition": 24, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}, "published": "2004-01-15T00:00:00", "title": "PhpDig config.php relative_script_path Parameter Remote File Inclusion", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0068"], "modified": "2004-01-15T00:00:00", "cpe": ["cpe:/a:phpdig.net:phpdig", "cpe:/a:phpdig.net:phpdig"], "id": "PHPDIG_CODE_INJECTION.NASL", "href": "https://www.tenable.com/plugins/nessus/12008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(12008);\n script_version(\"1.22\");\n script_cve_id(\"CVE-2004-0068\");\n script_bugtraq_id(9424);\n\n script_name(english:\"PhpDig config.php relative_script_path Parameter Remote File Inclusion\");\n script_summary(english:\"Detect phpdig code injection vuln\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary code may be executed on the remote server.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running phpdig, an http search engine written in PHP.\nThere is a flaw in this product that could allow an attacker to execute\narbitrary PHP code on this by forcing this set of CGI to include a PHP\nscript hosted on a third-party host.\" );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to the latest version of this software.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2004-0068\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/01/15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:phpdig.net:phpdig\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:phpdig.net:phpdig\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CGI abuses\");\n\n script_dependencie(\"webmirror.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\n\nif (! can_host_php(port:port) ) exit(0);\n\n\nfunction check_dir(path)\n{\n local_var u, r, res;\n u = strcat(path, \"/includes/config.php?relative_script_path=http://example.com\");\n r = http_send_recv3(method: \"GET\", item: u, port:port);\n if (isnull(r)) exit(0);\n res = strcat(r[0], r[1], '\\r\\n', r[2]);\n if (\"http://example.com/libs/.php\" >< res) \n {\n security_hole(port);\n exit(0);\n }\n}\n\nforeach dir (cgi_dirs())\n{\ncheck_dir(path:dir);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}