CVE-2004-0285 in AllMyVisitors
Summary
by MITRE
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 02/03/2025
This vulnerability represents a critical remote file inclusion flaw affecting multiple web applications in the AllMyVisitors, AllMyLinks, and AllMyGuests software suites. The vulnerability exists in the include/footer.inc.php file where the _AMVconfig[cfg_serverpath] parameter is not properly validated before being used in file inclusion operations. This allows remote attackers to inject malicious URLs that are then executed as PHP code on the target server, creating a severe security risk that can lead to complete system compromise.
The technical implementation of this vulnerability stems from improper input validation and sanitization within the web application's configuration handling mechanism. When the application processes the _AMVconfig[cfg_serverpath] parameter, it directly incorporates user-supplied input into file inclusion operations without adequate security checks. This pattern aligns with CWE-98, which describes improper file inclusion vulnerabilities where attacker-controllable input is used to determine file paths. The vulnerability essentially creates a pathway for attackers to execute arbitrary code on the server by leveraging the application's legitimate file inclusion functionality.
From an operational impact perspective, this vulnerability enables attackers to gain unauthorized access to the affected web servers and execute malicious code with the privileges of the web application. The implications extend beyond simple code execution to include potential data breaches, system compromise, and lateral movement within the network. Attackers can upload backdoors, steal sensitive information, modify database contents, or use the compromised server as a launch point for further attacks. This vulnerability directly maps to ATT&CK technique T1190, which covers exploitation of remote services, and T1059, which involves execution through command and scripting interpreters.
The exploitation of this vulnerability requires minimal technical skill and can be automated through various attack vectors. Attackers typically craft malicious URLs with PHP code snippets or references to remote malicious servers, then submit these through the vulnerable parameter to achieve code execution. The attack surface is particularly concerning as these applications are often deployed in shared hosting environments where multiple applications share the same server resources, potentially allowing attackers to compromise entire hosting platforms. Organizations should implement immediate mitigations including input validation, parameter sanitization, and removal of vulnerable code paths to prevent exploitation of this critical vulnerability.