Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2001-1025 | First vendor Publication | 2001-08-31 |
Vendor | Cve | Last vendor Modification | 2008-09-05 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1025 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-77 | Manipulating User-Controlled Variables |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
6241 | PHP-Nuke modules.php Local Arbitrary Code Execution |
6240 | PHP-Nuke modules.php Recursive File Inclusion DoS: PHP-Nuke contains a flaw in modules.php that may allow a remote denial of service. The issue is triggered when a specially crafted URL is passed, and will result in loss of availability for the web server. |
6239 | PHP-Nuke article.php Arbitrary SQL Query: PHP-Nuke article.php contains a flaw that may allow a malicious user to perform arbitrary SQL operations. The issue is triggered when modifying the $prefix variable of article.php. If a remote attacker knows the database name that PHP-Nuke is using, and the webserver is able to connect to it without a password, it is possible that the attacker can submit his own value for the $prefix variable and modify SQL queries to gain unauthorized administrative access to the database, resulting in loss of confidentiality and integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2003-02-17 | Name : A remote web application might be affected by several vulnerabilities. File : php_nuke_installed.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Source | Url |
---|---|
BID | http://www.securityfocus.com/bid/3149 |
VULNWATCH | http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html |
Alert History
Date | Information |
---|---|
2021-05-04 12:01:29 | |
2021-04-22 01:01:38 | |
2020-05-23 00:14:45 | |
2014-02-17 10:24:05 | |
2013-05-11 12:05:57 | |