CyberSec.Space Logo
Back to CVE Browser

CVE-2001-1370

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0040%
EPSS Percentile6.00th
PublishedJul 21, 2001
Last ModifiedApr 16, 2026

Vulnerability Description

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.

Affected Platforms (CPE)

πŸ“¦
Phplib Team

Phplib

= 7.2
πŸ“¦
Phplib Team

Phplib

= 7.2.1
πŸ“¦
Phplib Team

Phplib

= 7.2b
πŸ“¦
Phplib Team

Phplib

= 7.2c

References & Advisories

πŸ”— ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-027.0.txt
πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
πŸ”— http://marc.info/?l=bugtraq&m=99616122712122&w=2
πŸ”— http://online.securityfocus.com/archive/1/198495
πŸ”— http://www.debian.org/security/2001/dsa-073
πŸ”— http://www.iss.net/security_center/static/6892.php
πŸ”— http://www.securityfocus.com/archive/1/198768
πŸ”— http://www.securityfocus.com/bid/3079

Related Vulnerabilities

CVE-2006-08877.5

Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distributio...

CVE-2006-28267.5

SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a allows remote attackers to execute arbitrary ...

CVE-2007-62896.8

Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PH...

CVE-2006-33615.1

PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers ...

CVE-2001-1370 Detail & Impact Analysis | CVSS 10.0 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space