CyberSec.Space Logo
返回 CVE 浏览器

CVE-2001-1025

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile15.28th
Published2001年8月31日
Last Modified2026年4月16日

Vulnerability Description

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.

Affected Platforms (CPE)

📦
Francisco Burzi

Php Nuke

= 5.0
📦
Francisco Burzi

Php Nuke

= 5.0.1

References & Advisories

🔗 http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html
🔗 http://www.securityfocus.com/bid/3149
🔗 http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html
🔗 http://www.securityfocus.com/bid/3149

相关漏洞威胁

CVE-2007-137210.0

PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote...

CVE-2005-301610.0

Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors.

CVE-2001-032010.0

bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privi...

CVE-2007-177810.0

PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attacker...