CVE-2004-1592

ocPortal <1.0.3 - RCE

Title source: llm

Description

PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Exoduks · textwebappsphp

https://www.exploit-db.com/exploits/574

View Code ZIP pw:eip

References (5)

[Mailing List] http://marc.info/?l=bugtraq&m=109763314312828&w=2

[Patch] http://secunia.com/advisories/12811/

[Exploit, Vendor Advisory] http://www.hackgen.org/advisories/hackgen-2004-002.txt

[Patch] http://www.securityfocus.com/bid/11368

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17699

Scores

EPSS 0.0485

EPSS Percentile 89.4%

Classification

Status draft

Affected Products (1)

ocportal/ocportal

Timeline

Published Dec 31, 2004

Tracked Since Feb 18, 2026