var-200109-0004
Vulnerability from variot

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. PHPNuke's "admin.php" script does not properly authenticate users of its file manager capabilities. PHP Nuke is a website creation/maintenance tool written in PHP3. PHP Nuke contains a vulnerability in 'admin.php' that may allow remote attackers to overwrite files with custom data on target web servers. This may allow an attacker to gain access to the host, cause a denial of service, or deface the target website. PostNuke, a derivative of PHP Nuke, is also vulnerable. PHP-Nuke is a website creation and management tool that can use many database systems as its backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200109-0004",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php-nuke",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "5.2"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "php nuke",
        "version": null
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "5.2"
      },
      {
        "model": "burzi php-nuke a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.0.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.0"
      },
      {
        "model": "burzi php-nuke a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "4.4.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "4.4"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "4.3"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "4.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "3.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "2.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#933955"
      },
      {
        "db": "BID",
        "id": "3361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200109-125"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-1032"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "supergate\u203b supergate@twlc.net",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200109-125"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2001-1032",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2001-1032",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-3837",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2001-1032",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#933955",
            "trust": 0.8,
            "value": "4.28"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200109-125",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-3837",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#933955"
      },
      {
        "db": "VULHUB",
        "id": "VHN-3837"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200109-125"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-1032"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. PHPNuke\u0027s \"admin.php\" script does not properly authenticate users of its filemanager capabilities. PHP Nuke is a website creation/maintenance tool written in PHP3. \nPHP Nuke contains a vulnerability in \u0027admin.php\u0027 that may allow for remote attackers to overwrite files with custom data on target webservers. \nMay allow for an attacker to gain access to the host, cause denial of service or deface the target website. \nPostNuke, a derivative of PHP Nuke, is also vulnerable. PHP-Nuke is a website creation and management tool that can use many database software as the backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2001-1032"
      },
      {
        "db": "CERT/CC",
        "id": "VU#933955"
      },
      {
        "db": "BID",
        "id": "3361"
      },
      {
        "db": "VULHUB",
        "id": "VHN-3837"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "3361",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2001-1032",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#933955",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200109-125",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20010924 TWLC ADVISORY: ALL VERSIONS OF PHP NUKE ARE VULNERABLE...",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "7170",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-3837",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#933955"
      },
      {
        "db": "VULHUB",
        "id": "VHN-3837"
      },
      {
        "db": "BID",
        "id": "3361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200109-125"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-1032"
      }
    ]
  },
  "id": "VAR-200109-0004",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-3837"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-22T23:14:58.370000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2001-1032"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "http://www.securityfocus.com/bid/3361"
      },
      {
        "trust": 2.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0203.html"
      },
      {
        "trust": 2.7,
        "url": "http://sourceforge.net/forum/forum.php?forum_id=113892"
      },
      {
        "trust": 2.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7170"
      },
      {
        "trust": 0.8,
        "url": "http://www.securiteam.com/unixfocus/5fp0l1f5fs.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.twlc.net/article.php?sid=421"
      },
      {
        "trust": 0.8,
        "url": "http://sourceforge.net/tracker/?group_id=7511"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/static/7170.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.ncc.org.ve/php-nuke.php3?op=english"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#933955"
      },
      {
        "db": "VULHUB",
        "id": "VHN-3837"
      },
      {
        "db": "BID",
        "id": "3361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200109-125"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-1032"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#933955"
      },
      {
        "db": "VULHUB",
        "id": "VHN-3837"
      },
      {
        "db": "BID",
        "id": "3361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200109-125"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-1032"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-09-24T00:00:00",
        "db": "CERT/CC",
        "id": "VU#933955"
      },
      {
        "date": "2001-09-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-3837"
      },
      {
        "date": "2001-09-24T00:00:00",
        "db": "BID",
        "id": "3361"
      },
      {
        "date": "2001-09-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200109-125"
      },
      {
        "date": "2001-09-24T04:00:00",
        "db": "NVD",
        "id": "CVE-2001-1032"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-09-24T00:00:00",
        "db": "CERT/CC",
        "id": "VU#933955"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-3837"
      },
      {
        "date": "2001-09-24T00:00:00",
        "db": "BID",
        "id": "3361"
      },
      {
        "date": "2012-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200109-125"
      },
      {
        "date": "2024-11-20T23:36:42.650000",
        "db": "NVD",
        "id": "CVE-2001-1032"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200109-125"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHPNuke \u0027admin.php\u0027 script does not adequately authenticate users, thereby allowing malicious user to copy, move, or upload files",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#933955"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200109-125"
      }
    ],
    "trust": 0.6
  }
}

