CVE-2004-0246

Les Commentaires 2.0 - Remote File Inclusion via rep Parameter

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2004-0246. PoCs published by Himeur Nourredine.

AI-analyzed exploit summary The provided text describes a file inclusion vulnerability in Les Commentaires, where an attacker can include external PHP files via the 'rep' parameter. No actual exploit code is present, only a description and example URL.

Description

Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter.

Exploits (3)

exploitdb WRITEUP VERIFIED

by Himeur Nourredine · textwebappsphp

https://www.exploit-db.com/exploits/23619

View Code ZIP pw:eip

The provided text describes a file inclusion vulnerability in Les Commentaires, where an attacker can include external PHP files via the 'rep' parameter. No actual exploit code is present, only a description and example URL.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Les Commentaires (all versions)

No auth needed

Prerequisites: Vulnerable version of Les Commentaires · Ability to host malicious PHP file externally

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Himeur Nourredine · textwebappsphp

https://www.exploit-db.com/exploits/23620

View Code ZIP pw:eip

The provided text describes a file inclusion vulnerability in Les Commentaires, where an attacker can include arbitrary PHP files via the 'rep' parameter in 'derniers_commentaires.php'. No actual exploit code is present, only a description and example URL.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Les Commentaires (all versions)

No auth needed

Prerequisites: Vulnerable version of Les Commentaires · Ability to send HTTP requests to the target

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Himeur Nourredine · textwebappsphp

https://www.exploit-db.com/exploits/23621

View Code ZIP pw:eip

The provided text describes a file include vulnerability in Les Commentaires, allowing remote PHP code execution via the 'rep' parameter in admin.php. No actual exploit code is present, only a description and example URL.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Les Commentaires (all versions)

No auth needed

Prerequisites: Vulnerable Les Commentaires installation · Ability to send HTTP requests to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/9536

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/10768/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/15010

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=107584083719763&w=2

Scores

EPSS 0.0442

EPSS Percentile 90.1%

Details

Status published

Products (1)

laurent_adda/les_commentaires 2.0

Published Nov 23, 2004

Tracked Since Feb 18, 2026