ID CVE-2004-2010Type cveReporter cve@mitre.orgModified 2017-07-11T01:31:00
Description
PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg.
{"id": "CVE-2004-2010", "bulletinFamily": "NVD", "title": "CVE-2004-2010", "description": "PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg.", "published": "2004-12-31T05:00:00", "modified": "2017-07-11T01:31:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2010", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/11587", "http://www.securityfocus.com/bid/10313", "https://exchange.xforce.ibmcloud.com/vulnerabilities/16107", "http://www.fribble.net/advisories/phpshop_29-04-04.txt", "http://marc.info/?l=bugtraq&m=108420702317870&w=2"], "cvelist": ["CVE-2004-2010"], "type": "cve", "lastseen": "2019-05-29T18:08:04", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "1752dc00afcbf56d5a782d1bca551897"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "7f7c77d2dde7216a66d00321bd5828f8"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "cda4baaa7bbb27212c64b340490d0677"}, {"key": "href", "hash": "0b2d9f3b800c483594bf9553bc4c7e6e"}, {"key": "modified", "hash": "523ab2b584257b356b93ab54fd2d1554"}, {"key": "published", "hash": "3f051342f862f2833e883053d29ea929"}, {"key": "references", "hash": "c1761d6b6321aafcb6b629a9866e7d6c"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6caa89a48e14b602d6a82e5b309705ec"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "b58ce9eaf83431031a16177b88d7770ab01fb907b85f0f2bd4cb78f746a92993", "viewCount": 0, "enchantments": {"dependencies": {"references": [], "modified": "2019-05-29T18:08:04"}, "score": {"value": 6.9, "vector": "NONE", "modified": "2019-05-29T18:08:04"}, "vulnersScore": 6.9}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": [], "cwe": ["NVD-CWE-Other"]}
{}
