返回 CVE 瀏覽器

CVE-2001-1370

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0040%

EPSS Percentile6.00th

Published2001年7月21日

Last Modified2026年4月16日

Vulnerability Description

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.

Affected Platforms (CPE)

📦

Phplib Team

Phplib

= 7.2

📦

Phplib Team

Phplib

= 7.2.1

📦

Phplib Team

Phplib

= 7.2b

📦

Phplib Team

Phplib

= 7.2c

References & Advisories

🔗 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-027.0.txt

🔗 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410

🔗 http://marc.info/?l=bugtraq&m=99616122712122&w=2

🔗 http://online.securityfocus.com/archive/1/198495

🔗 http://www.debian.org/security/2001/dsa-073

🔗 http://www.iss.net/security_center/static/6892.php

🔗 http://www.securityfocus.com/archive/1/198768

🔗 http://www.securityfocus.com/bid/3079

相關漏洞威脅

CVE-2006-08877.5

Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distributio...

CVE-2006-28267.5

SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a allows remote attackers to execute arbitrary ...

CVE-2007-62896.8

Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PH...

CVE-2006-33615.1

PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers ...