VAR-200109-0004
Vulnerability from variot - Updated: 2025-04-03 22:39
admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. PHPNuke's "admin.php" script does not properly authenticate users of its filemanager capabilities. PHP Nuke is a website creation/maintenance tool written in PHP3. PHP Nuke contains a vulnerability in 'admin.php' that may allow remote attackers to overwrite files with custom data on target webservers. This may allow an attacker to gain access to the host, cause a denial of service, or deface the target website. PostNuke, a derivative of PHP Nuke, is also vulnerable. PHP-Nuke is a website creation and management tool that can use many database systems as the backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200109-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke",
"scope": "lte",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "5.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "php nuke",
"version": null
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "5.2"
},
{
"model": "burzi php-nuke a",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.0.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.0"
},
{
"model": "burzi php-nuke a",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "4.4.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "4.4"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "4.3"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "4.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "3.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "2.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "1.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#933955"
},
{
"db": "BID",
"id": "3361"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-125"
},
{
"db": "NVD",
"id": "CVE-2001-1032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "supergate\u203b supergate@twlc.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200109-125"
}
],
"trust": 0.6
},
"cve": "CVE-2001-1032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2001-1032",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-3837",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-1032",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#933955",
"trust": 0.8,
"value": "4.28"
},
{
"author": "CNNVD",
"id": "CNNVD-200109-125",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-3837",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#933955"
},
{
"db": "VULHUB",
"id": "VHN-3837"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-125"
},
{
"db": "NVD",
"id": "CVE-2001-1032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. PHPNuke\u0027s \"admin.php\" script does not properly authenticate users of its filemanager capabilities. PHP Nuke is a website creation/maintenance tool written in PHP3. \nPHP Nuke contains a vulnerability in \u0027admin.php\u0027 that may allow for remote attackers to overwrite files with custom data on target webservers. \nMay allow for an attacker to gain access to the host, cause denial of service or deface the target website. \nPostNuke, a derivative of PHP Nuke, is also vulnerable. PHP-Nuke is a website creation and management tool that can use many database software as the backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1032"
},
{
"db": "CERT/CC",
"id": "VU#933955"
},
{
"db": "BID",
"id": "3361"
},
{
"db": "VULHUB",
"id": "VHN-3837"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "3361",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2001-1032",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#933955",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200109-125",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20010924 TWLC ADVISORY: ALL VERSIONS OF PHP NUKE ARE VULNERABLE...",
"trust": 0.6
},
{
"db": "XF",
"id": "7170",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-3837",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#933955"
},
{
"db": "VULHUB",
"id": "VHN-3837"
},
{
"db": "BID",
"id": "3361"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-125"
},
{
"db": "NVD",
"id": "CVE-2001-1032"
}
]
},
"id": "VAR-200109-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-3837"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:39:10.657000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/3361"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0203.html"
},
{
"trust": 1.7,
"url": "http://sourceforge.net/forum/forum.php?forum_id=113892"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7170"
},
{
"trust": 0.8,
"url": "http://www.securiteam.com/unixfocus/5fp0l1f5fs.html"
},
{
"trust": 0.8,
"url": "http://www.twlc.net/article.php?sid=421"
},
{
"trust": 0.8,
"url": "http://sourceforge.net/tracker/?group_id=7511"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/7170.php"
},
{
"trust": 0.3,
"url": "http://www.ncc.org.ve/php-nuke.php3?op=english"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#933955"
},
{
"db": "VULHUB",
"id": "VHN-3837"
},
{
"db": "BID",
"id": "3361"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-125"
},
{
"db": "NVD",
"id": "CVE-2001-1032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#933955"
},
{
"db": "VULHUB",
"id": "VHN-3837"
},
{
"db": "BID",
"id": "3361"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-125"
},
{
"db": "NVD",
"id": "CVE-2001-1032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-09-24T00:00:00",
"db": "CERT/CC",
"id": "VU#933955"
},
{
"date": "2001-09-24T00:00:00",
"db": "VULHUB",
"id": "VHN-3837"
},
{
"date": "2001-09-24T00:00:00",
"db": "BID",
"id": "3361"
},
{
"date": "2001-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200109-125"
},
{
"date": "2001-09-24T04:00:00",
"db": "NVD",
"id": "CVE-2001-1032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-09-24T00:00:00",
"db": "CERT/CC",
"id": "VU#933955"
},
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-3837"
},
{
"date": "2001-09-24T00:00:00",
"db": "BID",
"id": "3361"
},
{
"date": "2012-11-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200109-125"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2001-1032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200109-125"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHPNuke \u0027admin.php\u0027 script does not adequately authenticate users, thereby allowing malicious user to copy, move, or upload files",
"sources": [
{
"db": "CERT/CC",
"id": "VU#933955"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200109-125"
}
],
"trust": 0.6
}
}