CVE-2003-1292 - PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to inclu

CVE-2003-1292

Summary

PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php.

References

Vulnerable Configurations

cpe:2.3:a:ashwebstudio:ashnews:0.83:*:*:*:*:*:*:*
cpe:2.3:a:ashwebstudio:ashnews:0.83:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	16436 18248
bugtraq	20030720 sorry, wrong file
confirm	http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0
exploit-db	1864
fulldisc	20060130 Re: ashnews Cross-Site Scripting Vulnerability 20060131 Re: ashnews Cross-Site Scripting Vulnerability
secunia	9331

Last major update

11-10-2017 - 01:29

Published

31-12-2003 - 05:00

Last modified

11-10-2017 - 01:29