Lucene search

[email protected]CVE-2001-1025

HistoryAug 31, 2001 - 4:00 a.m.

CVE-2001-1025

2001-08-3104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

php-nuke 5.x

sql vulnerability

remote attack

unauthorized access

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.0%

JSON

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the “prefix” variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.

CPENameOperatorVersion
francisco_burzi:php-nukefrancisco burzi php-nukeeq5.0
francisco_burzi:php-nukefrancisco burzi php-nukeeq5.0.1

CPE	Name	Operator	Version
francisco_burzi:php-nuke	francisco burzi php-nuke	eq	5.0
francisco_burzi:php-nuke	francisco burzi php-nuke	eq	5.0.1

References

archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html

www.securityfocus.com/bid/3149

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2001-1025

nessus1