CVE-2001-1370

2001-07-21T04:00:00
ID CVE-2001-1370
Type cve
Reporter cve@mitre.org
Modified 2016-10-18T02:14:00

Description

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.