CVE-2001-0320

bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.

Published: May 3, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-0320
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
francisco_burzi / php-nuke	4.4	4.4.x
francisco_burzi / php-nuke	4.0.4	4.0.4.x

http://archives.neohapsis.com/archives/bugtraq/2001-02/0425.html

Vulnerability Database

289,697

CVE-2001-0320