CVE-2003-1292 - OpenCVE

PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ashwebstudio	Ashnews

Configuration 1 [-]

cpe:2.3:a:ashwebstudio:ashnews:0.83:*:*:*:*:*:*:*

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html	Exploit
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0980.html
http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0
http://secunia.com/advisories/9331
http://www.securityfocus.com/archive/1/329910	Exploit
http://www.securityfocus.com/bid/16436	Exploit
http://www.securityfocus.com/bid/18248
https://www.exploit-db.com/exploits/1864

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-02-02T11:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2006-02-02T00:00:00

Link: CVE-2003-1292

JSON object: View

NVD Information

Status : Modified

Published: 2003-12-31T05:00:00.000

Modified: 2017-10-11T01:29:18.997

Link: CVE-2003-1292

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-07-20T00:00:00", "descriptions": [{"lang": "en", "value": "PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1864", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/1864"}, {"name": "18248", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18248"}, {"name": "20060131 Re: ashnews Cross-Site Scripting Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0980.html"}, {"name": "9331", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/9331"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0"}, {"name": "20030720 sorry, wrong file", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/329910"}, {"name": "20060131 Re: ashnews Cross-Site Scripting Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html"}, {"name": "20060130 Re: ashnews Cross-Site Scripting Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html"}, {"name": "16436", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16436"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1292", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1864", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1864"}, {"name": "18248", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18248"}, {"name": "20060131 Re: ashnews Cross-Site Scripting Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0980.html"}, {"name": "9331", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/9331"}, {"name": "http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0", "refsource": "CONFIRM", "url": "http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0"}, {"name": "20030720 sorry, wrong file", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/329910"}, {"name": "20060131 Re: ashnews Cross-Site Scripting Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html"}, {"name": "20060130 Re: ashnews Cross-Site Scripting Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html"}, {"name": "16436", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16436"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1292", "datePublished": "2006-02-02T11:00:00", "dateReserved": "2006-02-02T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}