CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2004-1796

PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.132

EPSS Ranking 93.9%

CVSS Severity

CVSS v2 Score 7.5

References

http://secunia.com/advisories/10551
http://securitytracker.com/id?1008608
http://sourceforge.net/forum/forum.php?forum_id=342594
http://www.osvdb.org/3332
http://www.osvdb.org/3405
http://www.securityfocus.com/archive/1/348840
http://www.securityfocus.com/bid/9357
https://exchange.xforce.ibmcloud.com/vulnerabilities/14140
http://secunia.com/advisories/10551
http://securitytracker.com/id?1008608
http://sourceforge.net/forum/forum.php?forum_id=342594
http://www.osvdb.org/3332
http://www.osvdb.org/3405
http://www.securityfocus.com/archive/1/348840
http://www.securityfocus.com/bid/9357
https://exchange.xforce.ibmcloud.com/vulnerabilities/14140

Products affected by CVE-2004-1796

Hotnews » Hotnews » Version: 0.5.3

cpe:2.3:a:hotnews:hotnews:0.5.3
Hotnews » Hotnews » Version: 0.6.0

cpe:2.3:a:hotnews:hotnews:0.6.0
Hotnews » Hotnews » Version: 0.6.0_pre

cpe:2.3:a:hotnews:hotnews:0.6.0_pre
Hotnews » Hotnews » Version: 0.6.1

cpe:2.3:a:hotnews:hotnews:0.6.1
Hotnews » Hotnews » Version: 0.7.0

cpe:2.3:a:hotnews:hotnews:0.7.0
Hotnews » Hotnews » Version: 0.7.1

cpe:2.3:a:hotnews:hotnews:0.7.1
Hotnews » Hotnews » Version: 0.7.2

cpe:2.3:a:hotnews:hotnews:0.7.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-1796

Products

Pricing

Contact Us