Vulnerability Name: CVE-2001-1049 (CCN-7215)
Assigned: 2001-10-02
Published: 2001-10-02
Updated: 2008-09-10
Summary: Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: BUGTRAQ Type: Patch, Vendor Advisory 20011002 results of semi-automatic source code audit
Source: CCN Type: BugTraq Mailing List, Tue Oct 02 2001 - 16:59:09 CDT results of semi-automatic source code audit
Source: MITRE Type: CNA CVE-2001-1048
Source: MITRE Type: CNA CVE-2001-1049
Source: MITRE Type: CNA CVE-2001-1050
Source: MITRE Type: CNA CVE-2001-1051
Source: MITRE Type: CNA CVE-2001-1052
Source: MITRE Type: CNA CVE-2001-1054
Source: MITRE Type: CNA CVE-2001-1234
Source: MITRE Type: CNA CVE-2001-1235
Source: MITRE Type: CNA CVE-2001-1236
Source: MITRE Type: CNA CVE-2001-1237
Source: MITRE Type: CNA CVE-2001-1296
Source: MITRE Type: CNA CVE-2001-1297
Source: MITRE Type: CNA CVE-2001-1298
Source: MITRE Type: CNA CVE-2001-1299
Source: CCN Type: Empris Web site Empris
Source: CCN Type: AWOL Web site Project details for AWOL
Source: CCN Type: Webodex Web site Webodex
Source: CCN Type: myphpPagetool Web site Welcome to myphpPagetool
Source: CCN Type: Phorecast Web site What is Phorecast?
Source: CONFIRM Type: UNKNOWN http://phorecast.org/
Source: CCN Type: SourceForge.net Project: SIPS
Source: CCN Type: CCCSoftware Web site CCC
Source: XF Type: UNKNOWN php-includedir-code-execution(7215)
Source: CCN Type: US-CERT VU#847803 Php variables passed from the browser are stored in global context
Source: CCN Type: more.groupware Web site latest news
Source: CCN Type: OSVDB ID: 13058 Empris includedir Parameter Remote File Inclusion
Source: CCN Type: OSVDB ID: 13059 CCCSoftware CCC includedir Remote File Inclusion
Source: CCN Type: OSVDB ID: 13060 Dark Hart Portal darkportal includedir Remote File Inclusion
Source: CCN Type: OSVDB ID: 13090 Webodex CGI Script Remote File Inclusion
Source: CCN Type: OSVDB ID: 1959 AWOL helperfunction.php includedir Parameter Remote File Inclusion
Source: CCN Type: OSVDB ID: 1960 Actionpoll includedir Remote File Inclusion
Source: CCN Type: OSVDB ID: 1961 ZorbStats includedir Remote File Inclusion
Source: CCN Type: OSVDB ID: 1962 Phorecast Arbitrary File Inclusion
Source: CCN Type: OSVDB ID: 1963 phpAdsNew helperfunction.php Remote File Inclusion
Source: CCN Type: OSVDB ID: 1964 Phormation phormationdir Arbitrary File Inclusion
Source: CCN Type: OSVDB ID: 1965 myphpPagetool helperfunction.php includedir Parameter Remote File Inclusion
Source: CCN Type: OSVDB ID: 1966 pSlash includedir Parameter Remote File Inclusion
Source: CCN Type: OSVDB ID: 1967 Bharat Mediratta Gallery includedir Parameter Remote File Inclusion
Source: CCN Type: OSVDB ID: 35356 ActionPoll actionpoll.php CONFIG_POLLDB Parameter Remote File Inclusion
Source: CCN Type: OSVDB ID: 35357 ActionPoll db/DataReaderWriter.php CONFIG_DB Parameter Remote File Inclusion
Source: CCN Type: OSVDB ID: 37417 ActionPoll db/PollDB.php CONFIG_DATAREADERWRITER Parameter Remote File Inclusion
Source: CCN Type: OSVDB ID: 5433 More.groupware Remote File Inclusion
Source: CCN Type: PeaceWorks Computer Consulting Web site Phormation
Source: CCN Type: pSlash Web site pSlash Web Portal System
Source: CCN Type: BID-3383 Marc Logemann More.groupware Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3384 Actionpoll Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3385 Grant Horwood Webodex Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3386 Zorbat ZorbStats Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3387 AWOL Remote Arbitrary Code Execution Vulnerability
Source: BID Type: Vendor Advisory 3388
Source: CCN Type: BID-3388 Paul M. Jones Phorecast Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3389 CCC Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3390 Dark Hart Portal Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3391 Empris Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3392 PHPAdsNew Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3393 Peaceworks Computer Consulting Phormation Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3394 Sebastian Bunka myphpPagetool Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3395 Derek Leung pSlash Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3396 Haakon Nilsen SIPS Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-3397 Bharat Mediratta Gallery Remote Arbitrary Code Execution Vulnerability
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable