Vulnerability Description
PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hotnews | Hotnews | 0.5.3 |
References
- http://secunia.com/advisories/10551Patch
- http://securitytracker.com/id?1008608ExploitPatch
- http://sourceforge.net/forum/forum.php?forum_id=342594Patch
- http://www.osvdb.org/3332
- http://www.osvdb.org/3405
- http://www.securityfocus.com/archive/1/348840ExploitPatch
- http://www.securityfocus.com/bid/9357ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14140
- http://secunia.com/advisories/10551Patch
- http://securitytracker.com/id?1008608ExploitPatch
- http://sourceforge.net/forum/forum.php?forum_id=342594Patch
- http://www.osvdb.org/3332
- http://www.osvdb.org/3405
- http://www.securityfocus.com/archive/1/348840ExploitPatch
- http://www.securityfocus.com/bid/9357ExploitPatch
FAQ
What is CVE-2004-1796?
CVE-2004-1796 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config...
How severe is CVE-2004-1796?
CVE-2004-1796 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1796?
Check the references section above for vendor advisories and patch information. Affected products include: Hotnews Hotnews.