CVE-2004-0249

PHPX <3.2.4 - RCE

Title source: llm

Description

PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Manuel L?pez · phpwebappsphp

https://www.exploit-db.com/exploits/23644

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15052

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15512

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/9569

[Third Party Advisory] http://secunia.com/advisories/10797/

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2004-03/0154.html

[Mailing List] http://marc.info/?l=bugtraq&m=107586932324901&w=2

Scores

EPSS 0.0566

EPSS Percentile 90.4%

Details

Status published

Products (1)

phpx/phpx 3.2.3

Published Nov 23, 2004

Tracked Since Feb 18, 2026