CVE-2004-0071

PHP Man Page Lookup <1.2.0 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0071. PoCs published by Cabezon Aurelien.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in Andy's PHP Projects Man Page Lookup script. By manipulating the 'command' parameter, an attacker can read arbitrary files on the server, such as '/etc/resolv.conf'.

Description

Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Cabezon Aurelien · textwebappsphp
https://www.exploit-db.com/exploits/23536

This exploit demonstrates an information disclosure vulnerability in Andy's PHP Projects Man Page Lookup script. By manipulating the 'command' parameter, an attacker can read arbitrary files on the server, such as '/etc/resolv.conf'.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Andy's PHP Projects Man Page Lookup script
No auth needed
Prerequisites: A vulnerable instance of Andy's PHP Projects Man Page Lookup script
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1008689
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107392764118403&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/14203
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9395

Scores

EPSS 0.0714
EPSS Percentile 93.5%

Details

Status published
Published Feb 17, 2004
Tracked Since Feb 18, 2026