Lucene search

[email protected]CVE-2002-1135

HistoryOct 04, 2002 - 4:00 a.m.

CVE-2002-1135

2002-10-0404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

modsecurity

phpwebsite

remote code execution

cve-2002-1135

security vulnerability

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.3%

JSON

modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.

CPENameOperatorVersion
phpwebsite:phpwebsitephpwebsiteeq0.8.2

CPE	Name	Operator	Version
phpwebsite:phpwebsite	phpwebsite	eq	0.8.2

References

marc.info/?l=bugtraq&m=103279980906880&w=2

phpwebsite.appstate.edu/article.php?sid=400

www.iss.net/security_center/static/10164.php

www.osvdb.org/3848

www.securityfocus.com/bid/5779

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.3%

JSON