CVE-2001-1370
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/07/2001
Last modified:
03/04/2025
Description
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:phplib_team:phplib:7.2:*:*:*:*:*:*:* | | |
cpe:2.3:a:phplib_team:phplib:7.2.1:*:*:*:*:*:*:* | | |
cpe:2.3:a:phplib_team:phplib:7.2b:*:*:*:*:*:*:* | | |
cpe:2.3:a:phplib_team:phplib:7.2c:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-027.0.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
- http://marc.info/?l=bugtraq&m=99616122712122&w=2
- http://online.securityfocus.com/archive/1/198495
- http://www.debian.org/security/2001/dsa-073
- http://www.iss.net/security_center/static/6892.php
- http://www.securityfocus.com/archive/1/198768
- http://www.securityfocus.com/bid/3079