Vulnerability Name:

CVE-2001-1235 (CCN-7215)

Assigned:2001-10-02
Published:2001-10-02
Updated:2008-09-10
Summary:pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: BUGTRAQ
Type: UNKNOWN
20011002 results of semi-automatic source code audit

Source: CCN
Type: BugTraq Mailing List, Tue Oct 02 2001 - 16:59:09 CDT
results of semi-automatic source code audit

Source: MITRE
Type: CNA
CVE-2001-1048

Source: MITRE
Type: CNA
CVE-2001-1049

Source: MITRE
Type: CNA
CVE-2001-1050

Source: MITRE
Type: CNA
CVE-2001-1051

Source: MITRE
Type: CNA
CVE-2001-1052

Source: MITRE
Type: CNA
CVE-2001-1054

Source: MITRE
Type: CNA
CVE-2001-1234

Source: MITRE
Type: CNA
CVE-2001-1235

Source: MITRE
Type: CNA
CVE-2001-1236

Source: MITRE
Type: CNA
CVE-2001-1237

Source: MITRE
Type: CNA
CVE-2001-1296

Source: MITRE
Type: CNA
CVE-2001-1297

Source: MITRE
Type: CNA
CVE-2001-1298

Source: MITRE
Type: CNA
CVE-2001-1299

Source: CCN
Type: Empris Web site
Empris

Source: CCN
Type: AWOL Web site
Project details for AWOL

Source: CCN
Type: Webodex Web site
Webodex

Source: CCN
Type: myphpPagetool Web site
Welcome to myphpPagetool

Source: CCN
Type: Phorecast Web site
What is Phorecast?

Source: CCN
Type: SourceForge.net
Project: SIPS

Source: CCN
Type: CCCSoftware Web site
CCC

Source: XF
Type: UNKNOWN
php-includedir-code-execution(7215)

Source: CCN
Type: US-CERT VU#847803
Php variables passed from the browser are stored in global context

Source: CERT-VN
Type: Exploit, Patch, Third Party Advisory, US Government Resource
VU#847803

Source: CCN
Type: more.groupware Web site
latest news

Source: CCN
Type: OSVDB ID: 13058
Empris includedir Parameter Remote File Inclusion

Source: CCN
Type: OSVDB ID: 13059
CCCSoftware CCC includedir Remote File Inclusion

Source: CCN
Type: OSVDB ID: 13060
Dark Hart Portal darkportal includedir Remote File Inclusion

Source: CCN
Type: OSVDB ID: 13090
Webodex CGI Script Remote File Inclusion

Source: CCN
Type: OSVDB ID: 1959
AWOL helperfunction.php includedir Parameter Remote File Inclusion

Source: CCN
Type: OSVDB ID: 1960
Actionpoll includedir Remote File Inclusion

Source: CCN
Type: OSVDB ID: 1961
ZorbStats includedir Remote File Inclusion

Source: CCN
Type: OSVDB ID: 1962
Phorecast Arbitrary File Inclusion

Source: CCN
Type: OSVDB ID: 1963
phpAdsNew helperfunction.php Remote File Inclusion

Source: CCN
Type: OSVDB ID: 1964
Phormation phormationdir Arbitrary File Inclusion

Source: CCN
Type: OSVDB ID: 1965
myphpPagetool helperfunction.php includedir Parameter Remote File Inclusion

Source: CCN
Type: OSVDB ID: 1966
pSlash includedir Parameter Remote File Inclusion

Source: CCN
Type: OSVDB ID: 1967
Bharat Mediratta Gallery includedir Parameter Remote File Inclusion

Source: CCN
Type: OSVDB ID: 35356
ActionPoll actionpoll.php CONFIG_POLLDB Parameter Remote File Inclusion

Source: CCN
Type: OSVDB ID: 35357
ActionPoll db/DataReaderWriter.php CONFIG_DB Parameter Remote File Inclusion

Source: CCN
Type: OSVDB ID: 37417
ActionPoll db/PollDB.php CONFIG_DATAREADERWRITER Parameter Remote File Inclusion

Source: CCN
Type: OSVDB ID: 5433
More.groupware Remote File Inclusion

Source: CCN
Type: PeaceWorks Computer Consulting Web site
Phormation

Source: CCN
Type: pSlash Web site
pSlash Web Portal System

Source: CCN
Type: BID-3383
Marc Logemann More.groupware Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3384
Actionpoll Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3385
Grant Horwood Webodex Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3386
Zorbat ZorbStats Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3387
AWOL Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3388
Paul M. Jones Phorecast Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3389
CCC Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3390
Dark Hart Portal Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3391
Empris Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3392
PHPAdsNew Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3393
Peaceworks Computer Consulting Phormation Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3394
Sebastian Bunka myphpPagetool Arbitrary Code Execution Vulnerability

Source: BID
Type: Vendor Advisory
3395

Source: CCN
Type: BID-3395
Derek Leung pSlash Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3396
Haakon Nilsen SIPS Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-3397
Bharat Mediratta Gallery Remote Arbitrary Code Execution Vulnerability

Source: XF
Type: UNKNOWN
php-includedir-code-execution(7215)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:derek_leung:pslash:0.70:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:grant_horwood:webodex:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:zorbat:zorbstats:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:cccsoftware:ccc:1.03:*:*:*:*:*:*:*
  • OR cpe:/a:emergenices_personnel_information_system:empris:0.4:*:*:*:*:*:*:*
  • OR cpe:/a:peaceworks_computer_consulting:phormation:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:derek_leung:pslash:0.70:*:*:*:*:*:*:*
  • OR cpe:/a:gallery:gallery:1.2.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    derek_leung pslash 0.70
    grant_horwood webodex 1.0
    zorbat zorbstats 0.8
    cccsoftware ccc 1.03
    emergenices_personnel_information_system empris 0.4
    peaceworks_computer_consulting phormation 0.9.1
    derek_leung pslash 0.70
    gallery gallery 1.2.1