CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2001-1334

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1070%
EPSS Percentile6.60th
Published2002年5月19日
Last Modified2026年4月16日

Vulnerability Description

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.

Affected Platforms (CPE)

📦
Phpslash

Phpslash

= 0.5.3.2
📦
Phpslash

Phpslash

= 0.6.1

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2001-05/0126.html
🔗 http://marc.info/?l=phpslash&m=99029398904419&w=2
🔗 http://www.iss.net/security_center/static/9990.php
🔗 http://www.securityfocus.com/bid/2724
🔗 http://archives.neohapsis.com/archives/bugtraq/2001-05/0126.html
🔗 http://marc.info/?l=phpslash&m=99029398904419&w=2
🔗 http://www.iss.net/security_center/static/9990.php
🔗 http://www.securityfocus.com/bid/2724

相關漏洞威脅

CVE-2005-225710.0

The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying t...

CVE-2009-051710.0

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code vi...

CVE-2005-44797.5

SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands...

CVE-2001-002110.0

MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate...