ID CVE-2001-1235
Summary pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
References
Vulnerable Configurations
  • cpe:2.3:a:derek_leung:pslash:0.70:*:*:*:*:*:*:*
    cpe:2.3:a:derek_leung:pslash:0.70:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 10-09-2008 - 19:09)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 3395
bugtraq 20011002 results of semi-automatic source code audit
cert-vn VU#847803
xf php-includedir-code-execution(7215)
Last major update 10-09-2008 - 19:09
Published 02-10-2001 - 04:00
Back to Top