CVE-2003-1412 Information

Description

PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php (3) 5terminals/index.php (4) 4mailinglists/index.php (5) 3departaments/index.php and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003932.html http://secunia.com/advisories/8120 http://www.securityfocus.com/archive/1/313282/30/25760/threaded http://www.securityfocus.com/bid/6922 http://www.securitytracker.com/id?1006162 https://exchange.xforce.ibmcloud.com/vulnerabilities/11408