CVE-2003-1314 - Vulnerability Details - OpenCVE

PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eternalmart	Eternalmart Guestbook

Configuration 1 [-]

cpe:2.3:a:eternalmart:eternalmart_guestbook:1.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://securitytracker.com/id?1007885
http://www.securityfocus.com/archive/1/340244
http://www.securityfocus.com/bid/21720
http://www.securityfocus.com/bid/8767
https://www.exploit-db.com/exploits/2980

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-27T00:00:00

Updated: 2024-08-08T02:19:46.215Z

Reserved: 2006-12-26T00:00:00

Link: CVE-2003-1314

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2003-12-31T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2003-1314

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-10-04T00:00:00", "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20031004 EMML, EMGB : Include() hole", "tags": ["mailing-list", "x_refsource_VULNWATCH"], "url": "http://www.securityfocus.com/archive/1/340244"}, {"name": "1007885", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1007885"}, {"name": "21720", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21720"}, {"name": "8767", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/8767"}, {"name": "2980", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2980"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1314", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20031004 EMML, EMGB : Include() hole", "refsource": "VULNWATCH", "url": "http://www.securityfocus.com/archive/1/340244"}, {"name": "1007885", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1007885"}, {"name": "21720", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21720"}, {"name": "8767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8767"}, {"name": "2980", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2980"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:19:46.215Z"}, "title": "CVE Program Container", "references": [{"name": "20031004 EMML, EMGB : Include() hole", "tags": ["mailing-list", "x_refsource_VULNWATCH", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/340244"}, {"name": "1007885", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1007885"}, {"name": "21720", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21720"}, {"name": "8767", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/8767"}, {"name": "2980", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/2980"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1314", "datePublished": "2006-12-27T00:00:00", "dateReserved": "2006-12-26T00:00:00", "dateUpdated": "2024-08-08T02:19:46.215Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eternalmart:eternalmart_guestbook:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7BFC7692-793D-46EC-BE4A-210E1B9B1180", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter."}], "id": "CVE-2003-1314", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1007885"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/archive/1/340244"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/21720"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/8767"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2980"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1007885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/archive/1/340244"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/21720"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/8767"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2980"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}