CVE-2003-1148 - Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used

CVE-2003-1148

Summary

Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.

References

Vulnerable Configurations

cpe:2.3:a:les_visiteurs:les_visiteurs:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:les_visiteurs:les_visiteurs:2.0.1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	8902
bugtraq	20031026 Les Visiteurs v2.0.1 code injection vulnerability
osvdb	2717 3586
sectrack	1008011 1017065
secunia	10079
xf	les-visiteurs-file-include(13529)

Last major update

11-07-2017 - 01:29

Published

25-10-2003 - 04:00

Last modified

11-07-2017 - 01:29