ID

VAR-200109-0004


CVE

CVE-2001-1032


TITLE

PHPNuke 'admin.php' script does not adequately authenticate users, thereby allowing malicious user to copy, move, or upload files

Trust: 0.8

sources: CERT/CC: VU#933955

DESCRIPTION

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. PHPNuke's "admin.php" script does not properly authenticate users of its filemanager capabilities. PHP Nuke is a website creation/maintenance tool written in PHP3. PHP Nuke contains a vulnerability in 'admin.php' that may allow remote attackers to overwrite files with custom data on target webservers. This may allow an attacker to gain access to the host, cause a denial of service, or deface the target website. PostNuke, a derivative of PHP Nuke, is also vulnerable. PHP-Nuke is a website creation and management tool that can use a variety of database software as its backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc.

Trust: 1.98

sources: NVD: CVE-2001-1032 // CERT/CC: VU#933955 // BID: 3361 // VULHUB: VHN-3837

AFFECTED PRODUCTS

vendor: francisco burzi, model: php-nuke, scope: lte, version: 5.2

Trust: 1.0

vendor: php nuke, model: -, scope: -, version: -

Trust: 0.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 5.2

Trust: 0.6

vendor: francisco, model: burzi php-nuke a, scope: eq, version: 5.2

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.2

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.1

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.0.1

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.0

Trust: 0.3

vendor: francisco, model: burzi php-nuke a, scope: eq, version: 4.4.1

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 4.4

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 4.3

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 4.0

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 3.0

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 2.5

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 1.0

Trust: 0.3

sources: CERT/CC: VU#933955 // BID: 3361 // CNNVD: CNNVD-200109-125 // NVD: CVE-2001-1032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1032
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#933955
value: 4.28

Trust: 0.8

CNNVD: CNNVD-200109-125
value: HIGH

Trust: 0.6

VULHUB: VHN-3837
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2001-1032
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3837
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#933955 // VULHUB: VHN-3837 // CNNVD: CNNVD-200109-125 // NVD: CVE-2001-1032

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200109-125

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200109-125

EXTERNAL IDS

db: BID, id: 3361

Trust: 2.8

db: NVD, id: CVE-2001-1032

Trust: 1.7

db: CERT/CC, id: VU#933955

Trust: 0.8

db: CNNVD, id: CNNVD-200109-125

Trust: 0.7

db: BUGTRAQ, id: 20010924 TWLC ADVISORY: ALL VERSIONS OF PHP NUKE ARE VULNERABLE...

Trust: 0.6

db: XF, id: 7170

Trust: 0.6

db: VULHUB, id: VHN-3837

Trust: 0.1

sources: CERT/CC: VU#933955 // VULHUB: VHN-3837 // BID: 3361 // CNNVD: CNNVD-200109-125 // NVD: CVE-2001-1032

REFERENCES

url:http://www.securityfocus.com/bid/3361

Trust: 2.5

url:http://archives.neohapsis.com/archives/bugtraq/2001-09/0203.html

Trust: 1.7

url:http://sourceforge.net/forum/forum.php?forum_id=113892

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/7170

Trust: 1.1

url:http://www.securiteam.com/unixfocus/5fp0l1f5fs.html

Trust: 0.8

url:http://www.twlc.net/article.php?sid=421

Trust: 0.8

url:http://sourceforge.net/tracker/?group_id=7511

Trust: 0.8

url:http://xforce.iss.net/static/7170.php

Trust: 0.6

url:http://www.ncc.org.ve/php-nuke.php3?op=english

Trust: 0.3

sources: CERT/CC: VU#933955 // VULHUB: VHN-3837 // BID: 3361 // CNNVD: CNNVD-200109-125 // NVD: CVE-2001-1032

CREDITS

supergate (supergate@twlc.net)

Trust: 0.6

sources: CNNVD: CNNVD-200109-125

SOURCES

db: CERT/CC, id: VU#933955
db: VULHUB, id: VHN-3837
db: BID, id: 3361
db: CNNVD, id: CNNVD-200109-125
db: NVD, id: CVE-2001-1032

LAST UPDATE DATE

2025-04-03T22:39:10.657000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#933955, date: 2002-09-24T00:00:00
db: VULHUB, id: VHN-3837, date: 2017-10-10T00:00:00
db: BID, id: 3361, date: 2001-09-24T00:00:00
db: CNNVD, id: CNNVD-200109-125, date: 2012-11-28T00:00:00
db: NVD, id: CVE-2001-1032, date: 2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db: CERT/CC, id: VU#933955, date: 2002-09-24T00:00:00
db: VULHUB, id: VHN-3837, date: 2001-09-24T00:00:00
db: BID, id: 3361, date: 2001-09-24T00:00:00
db: CNNVD, id: CNNVD-200109-125, date: 2001-09-24T00:00:00
db: NVD, id: CVE-2001-1032, date: 2001-09-24T04:00:00