CVE-2004-2010
Description
In phpShop 0.7.1 and earlier, when register_globals is off, an attacker can include a remote file via the base_dir parameter, resulting in arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
phpShop versions 0.7.1 and earlier contain a remote file inclusion vulnerability in index.php. When PHP's register_globals is disabled and the PHP version is 4.1 or later, the application attempts to work around this by registering request variables as globals itself, which reintroduces the exposure that register_globals=off is meant to remove. The base_dir parameter is not sanitized, so an attacker can supply the URL of a remote web server hosting a crafted phpshop.cfg file; index.php then includes and executes that file [1][2].
Exploitation
An attacker can exploit this vulnerability without authentication. They need only send a crafted HTTP request to the vulnerable index.php script, setting the base_dir parameter to a URL that points to a server under their control hosting a malicious phpshop.cfg file. No special network position or user interaction beyond the initial request is required [1][2].
Impact
Successful exploitation allows the attacker to execute arbitrary PHP code with the privileges of the web server. This can lead to full compromise of the application, including disclosure of sensitive data, modification of files, and potentially further server-side attacks [1][2].
Mitigation
No official patch was released by the vendor for this vulnerability. The developer was contacted but did not respond within a week of disclosure [2]. Users of phpShop 0.7.1 or earlier should upgrade to a newer version if available, or migrate to an alternative e-commerce platform. As of the publication date, no fix is known and the software may be considered end-of-life. This CVE is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
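To make the mechanism in the Vulnerability and Mitigation sections concrete, here is an added illustration written for this page; it is not phpShop's own code, which is not reproduced here. A hypothetical index.php bootstrap emulates register_globals by importing request variables and then includes phpshop.cfg from $base_dir, exactly the pattern the advisory describes; beside it is a hardened bootstrap that takes the configuration directory from a server-side constant, verifies the resolved path, and ignores any client-supplied base_dir, plus a small log-review helper. The function names, the PHPSHOP_BASE_DIR constant and the constructed sample request are assumptions.

```php
<?php
// Added illustration of the CVE-2004-2010 pattern. Hypothetical code, not phpShop's.

// --- Vulnerable pattern, as described in the advisory ---
// With register_globals off, the application re-creates the old behaviour by
// copying every request variable into the global scope. A client-controlled
// base_dir therefore reaches include() unchanged.
function vulnerable_bootstrap(array $request)
{
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;            // emulates register_globals=on
    }
    // If URL includes are permitted by php.ini, a URL in base_dir makes PHP
    // fetch and execute a remote phpshop.cfg with the web server's privileges.
    include $GLOBALS['base_dir'] . '/phpshop.cfg';
}

// --- Hardened pattern ---
// The configuration directory is fixed on the server; the request never
// chooses which file is included.
define('PHPSHOP_BASE_DIR', __DIR__);         // assumption: config sits beside index.php

function hardened_bootstrap(array $request)
{
    // No bulk import of request variables. A base_dir sent by the client is
    // not an expected input, so it is ignored (and worth logging, see below).
    $cfg = PHPSHOP_BASE_DIR . '/phpshop.cfg';

    // Defence in depth: the included file must resolve to a local path inside
    // the expected directory, even though it was built from a constant.
    $base = realpath(PHPSHOP_BASE_DIR);
    $real = realpath($cfg);
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('phpshop.cfg missing or outside base directory');
    }
    // Belt and braces: never include anything that looks like a stream URL.
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $cfg) === 1) {
        throw new RuntimeException('remote configuration is not permitted');
    }
    include $real;
}

// --- Log review helper ---
// A base_dir query parameter carrying a URL scheme is the tell-tale of an
// attempt against this bug and is easy to flag in access logs.
function looks_like_rfi_attempt(array $query): bool
{
    return isset($query['base_dir'])
        && preg_match('#^[a-z][a-z0-9+.-]*://#i', (string) $query['base_dir']) === 1;
}

// Constructed sample request for illustration only.
$sample = ['base_dir' => 'http://attacker.invalid/'];
if (looks_like_rfi_attempt($sample)) {
    error_log('suspicious base_dir parameter: ' . $sample['base_dir']);
}
```

The hardened version removes the root cause (request data selecting an include path) rather than filtering it. As a platform-level backstop, PHP 5.2 and later default allow_url_include to Off, which blocks include() of URLs regardless of application code; on the PHP 4 installations this advisory concerns, the equivalent control was allow_url_fopen=Off.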
Affected products: 2
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 5
News mentions: 0
No linked articles in our index yet.