CVE-2004-1554

@lex Guestbook - Remote File Inclusion Code Execution

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1554. PoCs published by Himeur Nourredine.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in @lexPHPTeam @lex Guestbook software, allowing attackers to execute arbitrary PHP code by manipulating the 'chem_absolu' parameter. No actual exploit code is present, only a description and example URL.

Description

PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Himeur Nourredine · textwebappsphp

https://www.exploit-db.com/exploits/24638

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in @lexPHPTeam @lex Guestbook software, allowing attackers to execute arbitrary PHP code by manipulating the 'chem_absolu' parameter. No actual exploit code is present, only a description and example URL.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: @lexPHPTeam @lex Guestbook (version not specified)

No auth needed

Prerequisites: Vulnerable @lex Guestbook installation · Ability to host a malicious PHP file on an attacker-controlled server

MITRE ATT&CK