CVE-2004-0327

PhpNewsManager 1.46 - Directory Traversal via clang Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2004-0327. PoCs published by G00db0y, anonymous, Dave Wilson.

AI-analyzed exploit summary The provided code is a writeup describing a directory traversal vulnerability in phpNewsManager, allowing remote attackers to access sensitive files outside the web root via a crafted request to functions.php.

Description

Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.

Exploits (4)

exploitdb WRITEUP VERIFIED
by G00db0y · textwebappsphp
https://www.exploit-db.com/exploits/23742

The provided code is a writeup describing a directory traversal vulnerability in phpNewsManager, allowing remote attackers to access sensitive files outside the web root via a crafted request to functions.php.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: phpNewsManager (version not specified)
No auth needed
Prerequisites: Access to the target web server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by anonymous · phpremotephp
https://www.exploit-db.com/exploits/21266

This exploit bypasses PHP's 'safe_mode' restrictions by leveraging the MySQL client library's failure to honor these restrictions. It uses a LOAD DATA statement to read files from restricted areas of the filesystem, such as '/etc/passwd'.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: PHP with MySQL client library (versions affected by CVE-2004-0327)
Auth required
Prerequisites: PHP with 'safe_mode' enabled · MySQL client library vulnerable to CVE-2004-0327 · Valid MySQL credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by anonymous · phpremotephp
https://www.exploit-db.com/exploits/21265

This exploit demonstrates a bypass of PHP's 'safe_mode' restrictions by leveraging the MySQL client library's failure to honor these restrictions. It uses a LOAD DATA LOCAL INFILE statement to read files from restricted areas of the filesystem, such as '/etc/passwd'.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: PHP with MySQL client library (versions affected by CVE-2002-0229)
Auth required
Prerequisites: PHP with 'safe_mode' enabled · MySQL server access with sufficient privileges to create databases and tables · MySQL client library vulnerable to CVE-2002-0229
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Dave Wilson · phpremotephp
https://www.exploit-db.com/exploits/21264

This exploit bypasses PHP's safe_mode restrictions by leveraging the MySQL client library's failure to honor safe_mode. It uses a LOAD DATA statement to read arbitrary files from the filesystem and outputs their contents.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PHP with MySQL client library (safe_mode enabled)
Auth required
Prerequisites: MySQL server access · Valid MySQL credentials · PHP safe_mode enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9720
Various Sources x_refsource_misc
http://www.zone-h.org/advisories/read/id=4024
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15283
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107772470111000&w=2

Scores

EPSS 0.0795
EPSS Percentile 94.0%

Details

Status published
Products (1)
skintech/phpnewsmanager 1.36
Published Nov 23, 2004
Tracked Since Feb 18, 2026