CVE-2003-1412

critical

Description

PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/11408

http://www.securitytracker.com/id?1006162

http://www.securityfocus.com/archive/1/313282/30/25760/threaded

http://secunia.com/advisories/8120

http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003932.html

Details

Source: Mitre, NVD

Published: 2003-12-31

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical