CVE-2001-1370

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/07/2001
Last modified:
03/04/2025

Description

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:phplib_team:phplib:7.2:*:*:*:*:*:*:*
cpe:2.3:a:phplib_team:phplib:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:phplib_team:phplib:7.2b:*:*:*:*:*:*:*
cpe:2.3:a:phplib_team:phplib:7.2c:*:*:*:*:*:*:*