CVE-2003-1253

Bookmark4U 1.8.3 - Remote Code Execution via Prefix Parameter

Title source: llm
STIX 2.1

Description

PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.

References (2)

Core 2
Core References
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/11009.php
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html

Scores

EPSS 0.0144
EPSS Percentile 69.9%

Details

CWE
CWE-94
Status published
Products (1)
sangwan_kim/bookmark4u 1.8.3
Published Dec 31, 2003
Tracked Since Feb 18, 2026