Lucene search

[email protected]CVE-2001-1049

HistoryMar 09, 2002 - 5:00 a.m.

CVE-2001-1049

2002-03-0905:00:00

[email protected]

web.nvd.nist.gov

phorecast php script

cve-2001-1049

remote attackers

http request

includedir variable

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.3%

JSON

Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Affected configurations

NVD

Node

paul_m._jonesphorecastRange≤0.40

CPENameOperatorVersion
paul_m._jones:phorecastpaul m. jones phorecastle0.40

CPE	Name	Operator	Version
paul_m._jones:phorecast	paul m. jones phorecast	le	0.40

References

archives.neohapsis.com/archives/bugtraq/2001-10/0012.html

phorecast.org/

www.iss.net/security_center/static/7215.php

www.securityfocus.com/bid/3388

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2001-1049

cvelist1 nvd1