CVE-2004-2368

Opt-X 0.7.2 - Remote File Inclusion via systempath Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2368. PoCs published by Zone-h Security Team.

AI-analyzed exploit summary This is a writeup describing a remote file include vulnerability in Opt-X 0.7.2. The issue arises due to improper sanitization of the 'systempath' variable in header.php, allowing remote code execution via arbitrary file inclusion.

Description

PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 allows remote attackers to execute arbitrary PHP code via the systempath parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Zone-h Security Team · textdosphp
https://www.exploit-db.com/exploits/23750

This is a writeup describing a remote file include vulnerability in Opt-X 0.7.2. The issue arises due to improper sanitization of the 'systempath' variable in header.php, allowing remote code execution via arbitrary file inclusion.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Opt-X 0.7.2
No auth needed
Prerequisites: Network access to the target · Opt-X 0.7.2 installed with vulnerable configuration
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources x_refsource_misc
http://www.zone-h.org/en/advisories/read/id=4036/
Patch, URL Repurposed x_refsource_confirm
http://www.opt-x.org/index.php
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9732
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15296

Scores

EPSS 0.0276
EPSS Percentile 84.3%

Details

Status published
Published Dec 31, 2004
Tracked Since Feb 18, 2026