CyberSec.Space Logo
Back to CVE Browser

CVE-2001-1025

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile15.28th
PublishedAug 31, 2001
Last ModifiedApr 16, 2026

Vulnerability Description

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.

Affected Platforms (CPE)

πŸ“¦
Francisco Burzi

Php Nuke

= 5.0
πŸ“¦
Francisco Burzi

Php Nuke

= 5.0.1

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html
πŸ”— http://www.securityfocus.com/bid/3149
πŸ”— http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html
πŸ”— http://www.securityfocus.com/bid/3149

Related Vulnerabilities

CVE-2007-137210.0

PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote...

CVE-2005-301610.0

Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors.

CVE-2001-032010.0

bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privi...

CVE-2007-177810.0

PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attacker...