CVE-2001-0911

PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.

Published: Nov 21, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-0911
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
francisco_burzi / php-nuke	5.3.1	5.3.1.x
francisco_burzi / php-nuke	5.1	5.1.x
postnuke_software_foundation / postnuke	0.64	0.64.x
francisco_burzi / php-nuke	5.2	5.2.x

http://marc.info/?l=bugtraq&m=100638850219503&w=2
http://www.securityfocus.com/bid/3567
https://exchange.xforce.ibmcloud.com/vulnerabilities/7596

Vulnerability Database

289,697

CVE-2001-0911