Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1032

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1032
Last Modified 05 Sep 2008 04:25:31
Published 24 Sep 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1032

Summary

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.

Vulnerable Systems

Application

  • Francisco Burzi Php-nuke 5.2


References

XF - php-nuke-admin-file-overwrite(7170)

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=113892

BUGTRAQ - 20010924 twlc advisory: all versions of php nuke are vulnerable...

BID - 3361


Last Updated: 27 May 2016 10:36:30