Vulnerability Description
PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpdig.Net | Phpdig | <= 1.6.5 |
References
- http://marc.info/?l=bugtraq&m=107412194008671&w=2
- http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadidPatch
- http://www.securityfocus.com/bid/9424PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14826
- http://marc.info/?l=bugtraq&m=107412194008671&w=2
- http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadidPatch
- http://www.securityfocus.com/bid/9424PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14826
FAQ
What is CVE-2004-0068?
CVE-2004-0068 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a...
How severe is CVE-2004-0068?
CVE-2004-0068 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0068?
Check the references section above for vendor advisories and patch information. Affected products include: Phpdig.Net Phpdig.