CVE-2004-1820

4nalbum_module 0.92 - Remote File Inclusion via basepath Parameter

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1820. PoCs published by Janek Vind.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in 4nAlbum, including remote file inclusion, XSS, SQL injection, and information disclosure. It outlines affected scripts and attack vectors but does not include executable exploit code.

Description

PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Janek Vind · textwebappsphp

https://www.exploit-db.com/exploits/23815

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in 4nAlbum, including remote file inclusion, XSS, SQL injection, and information disclosure. It outlines affected scripts and attack vectors but does not include executable exploit code.

Classification

Writeup 90%

Attack Type

Info Leak | Xss | Sqli | Other

Complexity

Trivial

Reliability

Theoretical

Target: 4nAlbum 0.92

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK