CVE-2004-0237

Aprox PHP Portal - Unauthenticated Directory Traversal via Show Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0237. PoCs published by Zero X.

AI-analyzed exploit summary The provided text describes a directory traversal vulnerability in Aprox Portal, allowing remote attackers to read arbitrary files accessible by the web server. The example demonstrates accessing /etc/passwd via a crafted URL parameter.

Description

Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Zero X · textwebappsphp
https://www.exploit-db.com/exploits/23630

The provided text describes a directory traversal vulnerability in Aprox Portal, allowing remote attackers to read arbitrary files accessible by the web server. The example demonstrates accessing /etc/passwd via a crafted URL parameter.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Aprox Portal (version unspecified)
No auth needed
Prerequisites: Web server with Aprox Portal installed · File read permissions for the web server user
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15014
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1008915
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/10859
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9540
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107577555527321&w=2

Scores

EPSS 0.0727
EPSS Percentile 93.6%

Details

Status published
Published Nov 23, 2004
Tracked Since Feb 18, 2026