CVE-2001-1370

Published Jul 21, 2001

Last updated 8 years ago

Overview

Description: prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phplib_team:phplib:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0FE0678-B66B-470D-8541-D76BACBA4E9E"
          },
          {
            "criteria": "cpe:2.3:a:phplib_team:phplib:7.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8359F6CF-017A-4DC6-A9CA-8A7F6BF4CDBF"
          },
          {
            "criteria": "cpe:2.3:a:phplib_team:phplib:7.2b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A64F1247-13DB-48A2-9E9F-C33CC791B365"
          },
          {
            "criteria": "cpe:2.3:a:phplib_team:phplib:7.2c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DACBE05-AE41-49ED-8F27-0D836A190859"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References