CVE: CVE-2004-0285

Export to Word

PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.29934
Percentile: 0.96435

CVSS Scoring

CVSS v3.1 Score: 9.8

Severity: CRITICAL

Mapped CWE(s)

CWE-829 : Inclusion of Functionality from Untrusted Control Sphere

All CAPEC(s)

CAPEC-175: Code Inclusion
CAPEC-201: Serialized Data External Linking
CAPEC-228: DTD Injection
CAPEC-251: Local Code Inclusion
CAPEC-252: PHP Local File Inclusion
CAPEC-253: Remote Code Inclusion
CAPEC-263: Force Use of Corrupted Files
CAPEC-538: Open-Source Library Manipulation
CAPEC-549: Local Execution of Code
CAPEC-640: Inclusion of Code in Existing Process
CAPEC-660: Root/Jailbreak Detection Evasion via Hooking
CAPEC-695: Repo Jacking
CAPEC-698: Install Malicious Extension

CAPEC(s) with Mapped TTPs

CAPEC-251: Local Code Inclusion
Mapped TTPs:
- T1055 : Process Injection
CAPEC-538: Open-Source Library Manipulation
Mapped TTPs:
- T1195.001 : Compromise Software Dependencies and Development Tools
CAPEC-640: Inclusion of Code in Existing Process
Mapped TTPs:
- T1505.005 : Terminal Services DLL
- T1574.006 : Dynamic Linker Hijacking
- T1574.013 : KernelCallbackTable
- T1620 : Reflective Code Loading
CAPEC-660: Root/Jailbreak Detection Evasion via Hooking
Mapped TTPs:
- T1055 : Process Injection
CAPEC-695: Repo Jacking
Mapped TTPs:
- T1195.001 : Compromise Software Dependencies and Development Tools
CAPEC-698: Install Malicious Extension
Mapped TTPs:
- T1176 : Software Extensions
- T1505.004 : IIS Components

Mapped ATT&CK TTPs

T1055 : Process Injection
Kill Chain: defense-evasion
T1195.001 : Compromise Software Dependencies and Development Tools
Kill Chain: initial-access
T1505.005 : Terminal Services DLL
Kill Chain: persistence
T1574.006 : Dynamic Linker Hijacking
Kill Chain: persistence
T1574.013 : KernelCallbackTable
Kill Chain: persistence
T1620 : Reflective Code Loading
Kill Chain: defense-evasion
T1055 : Process Injection
Kill Chain: defense-evasion
T1195.001 : Compromise Software Dependencies and Development Tools
Kill Chain: initial-access
T1176 : Software Extensions
Kill Chain: persistence
T1505.004 : IIS Components
Kill Chain: persistence

Malware

APTs Threat Group Associations

Campaigns

Operation Wocao
ArcaneDoor
2015 Ukraine Electric Power Attack
Operation Dream Job
Operation Sharpshooter
Cutting Edge

Affected Products

cpe:2.3:a:allmyguests_project:allmyguests:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:allmyguests_project:allmyguests:0.3:*:*:*:*:*:*:*
cpe:2.3:a:allmyguests_project:allmyguests:0.4:*:*:*:*:*:*:*
cpe:2.3:a:allmyguests_project:allmyguests:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.3:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.4.9:*:*:*:*:*:*:*
cpe:2.3:a:allmylinks_project:allmylinks:0.5:*:*:*:*:*:*:*
cpe:2.3:a:allmyvisitors_project:allmyvisitors:0.3:*:*:*:*:*:*:*
cpe:2.3:a:allmyvisitors_project:allmyvisitors:0.4:*:*:*:*:*:*:*

← Back to Home