CVE-2004-2601 - PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to

CVE-2004-2601

Summary

PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php.

References

http://secunia.com/advisories/13652
http://securitytracker.com/id?1012685
http://www.gulftech.org/?node=research&article_id=00058-12242004
http://www.osvdb.org/12631
https://exchange.xforce.ibmcloud.com/vulnerabilities/18695

Vulnerable Configurations

cpe:2.3:a:ubertec:help_center_live:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:ubertec:help_center_live:1.2.6:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:N

refmap via4

misc	http://www.gulftech.org/?node=research&article_id=00058-12242004
osvdb	12631
sectrack	1012685
secunia	13652
xf	help-center-skin-php-file-include(18695)

Last major update

11-07-2017 - 01:32

Published

31-12-2004 - 05:00

Last modified

11-07-2017 - 01:32