CVE-2005-1181

Ariadne CMS 2.4 - Code Injection

Title source: llm

Description

NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the "ariadne.inc" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005

Exploits (1)

exploitdb WORKING POC VERIFIED

by Fidel Costa · perlwebappsphp

https://www.exploit-db.com/exploits/25431

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.osvdb.org/15549

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1013721

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/20611

Scores

EPSS 0.0538

EPSS Percentile 90.1%

Details

Status published

Products (1)

ariadne/ariadne_cms 2.4

Published May 02, 2005

Tracked Since Feb 18, 2026