Lucene search

[email protected]CVE-2001-1237

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2001-1237

2002-06-2504:00:00

[email protected]

web.nvd.nist.gov

remote code execution

rce

phormation

php script

http request

vulnerability

cve-2001-1237

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.3%

JSON

Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.

Affected configurations

NVD

Node

peaceworks_computer_consultingphormationRange≤0.9.1

CPENameOperatorVersion
peaceworks_computer_consulting:phormationpeaceworks computer consulting phormationle0.9.1

CPE	Name	Operator	Version
peaceworks_computer_consulting:phormation	peaceworks computer consulting phormation	le	0.9.1

References

archives.neohapsis.com/archives/bugtraq/2001-10/0012.html

www.iss.net/security_center/static/7215.php

www.kb.cert.org/vuls/id/847803

www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz

www.securityfocus.com/bid/3393

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.3%

JSON

Related for CVE-2001-1237

cvelist1 nvd1