VAR-200112-0055

Vulnerability from variot - Updated: 2025-04-03 22:25

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user. PHP-Nuke is a web portal creation and management package, implemented in the PHP scripting language. The default installation includes the script 'admin/case/case.filemanager.php', which can be used to copy and delete files on the server file system. While the script contains code intended to ensure it is only called by the administrative script responsible for user authentication, the implementation of this check is flawed: as described above, it relies on the $PHP_SELF value, which the request itself can influence. As a result, any remote user may call the script directly without authenticating, and copy and delete any file on the server, subject to the permissions of the user account under which the script executes. These vulnerabilities exist in PHP-Nuke version 5.2.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200112-0055",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "5.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "3510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-059"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0854"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovered by Magnux Software, and posted to the BugTraq mailing list by masa@magnux.com on November 5, 2001.",
    "sources": [
      {
        "db": "BID",
        "id": "3510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-059"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2001-0854",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2001-0854",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-3661",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2001-0854",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200112-059",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-3661",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-3661"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-059"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0854"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user. PHP Nuke is a web portal creation and management package, implemented in the PHP scripting language.  The default installation includes the script \u0027admin/case/case.filemanager.php\u0027, which can be used to copy and delete files on the server file system. \nWhile the script contains code used to ensure it is only called by an administrative script responsible for user authentication, the implementation of this is flawed.  As a result, any remote user may call the script directly without authenticating, and copy and delete any file on the server, subject to the user permissions under which the script executes. Vulnerabilities exist in PHP-Nuke version 5.2",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2001-0854"
      },
      {
        "db": "BID",
        "id": "3510"
      },
      {
        "db": "VULHUB",
        "id": "VHN-3661"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "3510",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0854",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-059",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "7478",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20011105 COPYING AND DELETING FILES USING PHP-NUKE",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-3661",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-3661"
      },
      {
        "db": "BID",
        "id": "3510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-059"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0854"
      }
    ]
  },
  "id": "VAR-200112-0055",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-3661"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:25:22.191000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2001-0854"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/3510"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/security_center/static/7478.php"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=100525739116093\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=100525739116093\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.ncc.org.ve/php-nuke.php3?op=english"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=100525739116093\u0026amp;w=2"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-3661"
      },
      {
        "db": "BID",
        "id": "3510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-059"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0854"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-3661"
      },
      {
        "db": "BID",
        "id": "3510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-059"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0854"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2001-12-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-3661"
      },
      {
        "date": "2001-11-05T00:00:00",
        "db": "BID",
        "id": "3510"
      },
      {
        "date": "2001-12-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200112-059"
      },
      {
        "date": "2001-12-06T05:00:00",
        "db": "NVD",
        "id": "CVE-2001-0854"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-3661"
      },
      {
        "date": "2001-11-05T00:00:00",
        "db": "BID",
        "id": "3510"
      },
      {
        "date": "2006-09-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200112-059"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2001-0854"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-059"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP Nuke Copy and delete file vulnerabilities",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-059"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "3510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-059"
      }
    ],
    "trust": 0.9
  }
}

