CyberSec.Space Logo
返回 CVE 浏览器

CVE-2001-0320

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1560%
EPSS Percentile3.16th
Published2001年5月3日
Last Modified2026年4月16日

Vulnerability Description

bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.

Affected Platforms (CPE)

📦
Francisco Burzi

Php Nuke

= 4.0.4
📦
Francisco Burzi

Php Nuke

= 4.4

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2001-02/0425.html
🔗 http://archives.neohapsis.com/archives/bugtraq/2001-02/0425.html

相关漏洞威胁

CVE-2007-137210.0

PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote...

CVE-2005-301610.0

Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors.

CVE-2001-102510.0

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scrip...

CVE-2007-177810.0

PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attacker...