Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1135

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1135
Last Modified 10 Sep 2008 03:13:55
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1135

Summary

modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.

Vulnerable Systems

Application

  • Phpwebsite 0.8.2


References

CONFIRM - http://phpwebsite.appstate.edu/article.php?sid=400

BUGTRAQ - 20020922 PHP source injection in phpWebSite

BID - 5779

OSVDB - 3848

XF - phpwebsite-modsecurity-file-include(10164)


Last Updated: 27 May 2016 10:37:12