Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1052

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1052
Last Modified 05 Sep 2008 04:25:34
Published 02 Oct 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1052

Summary

Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Vulnerable Systems

Application

  • Emergenices Personnel Information System Empris 0.4

  • Emergenices Personnel Information System Empris 2001-08-10

  • Emergenices Personnel Information System Empris 2001-09-08


References

XF - php-includedir-code-execution(7215)

BUGTRAQ - 20011002 results of semi-automatic source code audit

BID - 3391


Last Updated: 27 May 2016 10:36:30