CVE-2004-2740
phprojekt - Remote File Inclusion via authform.inc.php path_pre Parameter
Title source: llmDescription
PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter.
References (7)
Core 7
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200412-27.xml
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/13660
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/12613
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12116
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1012708
Various Sources x_refsource_confirm
http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=193
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18683
Scores
EPSS
0.0147
EPSS Percentile
70.7%
Details
CWE
CWE-94
Status
published
Products (13)
phprojekt/phprojekt
2.0
phprojekt/phprojekt
2.0.1
phprojekt/phprojekt
2.1
phprojekt/phprojekt
2.1a
phprojekt/phprojekt
2.2
phprojekt/phprojekt
2.3
phprojekt/phprojekt
2.4
phprojekt/phprojekt
2.4a
phprojekt/phprojekt
3.0
phprojekt/phprojekt
3.1
... and 3 more
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026