CVE-2001-1025

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.

Published: Aug 31, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-1025
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
francisco_burzi / php-nuke	5.0	5.0.x
francisco_burzi / php-nuke	5.0.1	5.0.1.x

http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html
http://www.securityfocus.com/bid/3149

Vulnerability Database

289,697

CVE-2001-1025