Vulnerability Details : CVE-2004-1573

The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator.

Published 2004-12-31 05:00:00

Updated 2017-07-11 01:31:09

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2004-1573

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-1573

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	nvd@nist.gov
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2004-1573

Products affected by CVE-2004-1573

Cutephp » Cutenews » Version: 0.88
cpe:2.3:a:cutephp:cutenews:0.88:*:*:*:*:*:*:*
Matching versions
Cutephp » Cutenews » Version: 1.3
cpe:2.3:a:cutephp:cutenews:1.3:*:*:*:*:*:*:*
Matching versions
Cutephp » Cutenews » Version: 1.3.1
cpe:2.3:a:cutephp:cutenews:1.3.1:*:*:*:*:*:*:*
Matching versions
Cutephp » Cutenews » Version: 1.3.2
cpe:2.3:a:cutephp:cutenews:1.3.2:*:*:*:*:*:*:*
Matching versions
Cutephp » Cutenews » Version: 1.3.6
cpe:2.3:a:cutephp:cutenews:1.3.6:*:*:*:*:*:*:*
Matching versions
Aj-fork » Aj-fork » Version: 167
cpe:2.3:a:aj-fork:aj-fork:167:*:*:*:*:*:*:*
Matching versions