CVE-2004-1573

Published: Dec 31, 2004Modified: Apr 16, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator.

Affected (6)

Products: Aj Fork: Aj Fork · Cutephp: Cutenews

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Aj Fork Aj Fork	Version 167
Cutephp Cutenews	Version 0.88
Cutephp Cutenews	Version 1.3.1
Cutephp Cutenews	Version 1.3.2
Cutephp Cutenews	Version 1.3.6
Cutephp Cutenews	Version 1.3

References (10)

http://echo.or.id/adv/adv07-y3dips-2004.txt

Source: cve@mitre.org

ExploitVendor Advisory

http://marc.info/?l=bugtraq&m=109664986210763&w=2

Source: cve@mitre.org

http://securitytracker.com/id?1011484

Source: cve@mitre.org

http://www.securityfocus.com/bid/11301

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/17571

Source: cve@mitre.org

http://echo.or.id/adv/adv07-y3dips-2004.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://marc.info/?l=bugtraq&m=109664986210763&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1011484

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/11301

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/17571

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.