Vulnerability Details CVE-2004-1554
PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.045
EPSS Ranking 88.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=109635806703748&w=2
- http://packetstormsecurity.nl/0410-exploits/alexPHP.txt
- http://securitytracker.com/id?1011432
- http://www.securityfocus.com/bid/11260
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17516
- http://marc.info/?l=bugtraq&m=109635806703748&w=2
- http://packetstormsecurity.nl/0410-exploits/alexPHP.txt
- http://securitytracker.com/id?1011432
- http://www.securityfocus.com/bid/11260
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17516
Products affected by CVE-2004-1554
-
cpe:2.3:a:alexphpteam:alex_guestbook:3.12