CVE-2004-1796

N/A Unknown

Published: December 31, 2004 Modified: April 16, 2026

Description

PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/10551

Source: cve@mitre.org

Patch

http://securitytracker.com/id?1008608

Source: cve@mitre.org

Exploit Patch

http://sourceforge.net/forum/forum.php?forum_id=342594

Source: cve@mitre.org

Patch

http://www.osvdb.org/3332

Source: cve@mitre.org

http://www.osvdb.org/3405

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/348840

Source: cve@mitre.org

Exploit Patch

http://www.securityfocus.com/bid/9357

Source: cve@mitre.org

Exploit Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/14140

Source: cve@mitre.org

http://secunia.com/advisories/10551