CVE-2004-0285

Name of the Vulnerable Software and Affected Versions AllMyVisitors (affected versions not specified) AllMyLinks (affected versions not specified) AllMyGuests (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the AMVconfig[cfg serverpath] parameter in the include/footer.inc.php file. This can be exploited by providing a malicious URL, potentially leading to code execution on the server.

Recommendations For AllMyVisitors, consider restricting access to the include/footer.inc.php file until a fix is available. For AllMyLinks, avoid using the AMVconfig[cfg serverpath] parameter in the include/footer.inc.php file until the issue is resolved. For AllMyGuests, as a temporary workaround, consider disabling the execution of remote PHP code in the include/footer.inc.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.