Sign-up

ID

VAR-200205-0021


CVE

CVE-2002-0206


TITLE

Input-validation vulnerability in PHP-Nuke allows arbitrary command execution via request for remote web site

Trust: 0.8

sources: CERT/CC: VU#221683

DESCRIPTION

index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter. PHP-Nuke has an input-validation vulnerability that can lead to execution of arbitrary PHP code hosted on another web server. PHPNuke is a website creation/maintenance tool. The 'index.php' script has a feature which allows users to include files. Due to insufficent input validation, it is possible to include files located on a remote server. Arbitrary code in the attacker's included file may be executed. As one consequence of this issue, a remote attacker can cause commands to be executed on the shell of the host running vulnerable versions of PHPNuke. Commands will be executed with the privileges of the webserver process and may result in the attacker gaining local access. It is not known whether this vulnerability affects PostNuke, though the possibility exists. This illegal local shell has the authority that the WEB Server process has. It's not clear if the same issue exists with PostNuke

Trust: 1.98

sources: NVD: CVE-2002-0206 // CERT/CC: VU#221683 // BID: 3889 // VULHUB: VHN-4599

AFFECTED PRODUCTS

vendor:francisco burzimodel:php-nukescope:eqversion:5.2

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:5.1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:5.0

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:5.0.1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:4.0

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:3.0

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:2.5

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:5.3.1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:5.2a

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:1.0

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:4.4.1a

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:4.3

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:4.4

Trust: 1.0

vendor:franciscomodel:burzi php-nukescope:eqversion:5.3.1

Trust: 0.3

vendor:franciscomodel:burzi php-nuke ascope:eqversion:5.2

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.2

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.1

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.0.1

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.0

Trust: 0.3

vendor:franciscomodel:burzi php-nuke ascope:eqversion:4.4.1

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:4.4

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:4.3

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:4.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:3.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:2.5

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:1.0

Trust: 0.3

sources: BID: 3889 // CNNVD: CNNVD-200205-037 // NVD: CVE-2002-0206

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0206
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#221683
value: 5.40

Trust: 0.8

CNNVD: CNNVD-200205-037
value: HIGH

Trust: 0.6

VULHUB: VHN-4599
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-0206
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-4599
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#221683 // VULHUB: VHN-4599 // CNNVD: CNNVD-200205-037 // NVD: CVE-2002-0206

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0206

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200205-037

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200205-037

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-4599

EXTERNAL IDS
db:CERT/CCid:VU#221683
Trust: 2.5
db:NVDid:CVE-2002-0206
Trust: 2.0
db:BIDid:3889
Trust: 2.0
db:CNNVDid:CNNVD-200205-037
Trust: 0.7
db:BUGTRAQid:20020116 PHP-NUKE ALLOWS COMMAND EXECUTION & MUCH MORE
Trust: 0.6
db:XFid:7914
Trust: 0.6
db:EXPLOIT-DBid:21230
Trust: 0.1
db:VULHUBid:VHN-4599
Trust: 0.1
sources:
            
            
            CERT/CC: VU#221683 // 
            
            
            
            VULHUB: VHN-4599 // 
            
            
            
            BID: 3889 // 
            
            
            
            CNNVD: CNNVD-200205-037 // 
            
            
            
            NVD: CVE-2002-0206

REFERENCES
url:http://www.securityfocus.com/bid/3889
Trust: 2.7
url:http://www.kb.cert.org/vuls/id/221683
Trust: 2.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/7914
Trust: 2.1
url:http://marc.info/?l=bugtraq&m=101121913914205&w=2
Trust: 2.0
url:about vulnerability notes
Trust: 0.8
url:contact us about this vulnerability
Trust: 0.8
url:provide a vendor statement
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/7914
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=bugtraq&m=101121913914205&w=2
Trust: 0.6
url:http://marc.info/?l=bugtraq&m=101121913914205&w=2
Trust: 0.1
sources:
            
            
            CERT/CC: VU#221683 // 
            
            
            
            VULHUB: VHN-4599 // 
            
            
            
            CNNVD: CNNVD-200205-037 // 
            
            
            
            NVD: CVE-2002-0206

CREDITS
Handle Nopmanā€» nopman@hackermail.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200205-037

SOURCES
db:CERT/CCid:VU#221683
db:VULHUBid:VHN-4599
db:BIDid:3889
db:CNNVDid:CNNVD-200205-037
db:NVDid:CVE-2002-0206

LAST UPDATE DATE
2024-11-22T23:12:10.739000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#221683date:2002-09-16T00:00:00
db:VULHUBid:VHN-4599date:2017-07-11T00:00:00
db:BIDid:3889date:2009-07-11T09:56:00
db:CNNVDid:CNNVD-200205-037date:2005-10-20T00:00:00
db:NVDid:CVE-2002-0206date:2024-11-20T23:38:33.010

SOURCES RELEASE DATE
db:CERT/CCid:VU#221683date:2002-09-16T00:00:00
db:VULHUBid:VHN-4599date:2002-05-16T00:00:00
db:BIDid:3889date:2002-01-16T00:00:00
db:CNNVDid:CNNVD-200205-037date:2002-01-16T00:00:00
db:NVDid:CVE-2002-0206date:2002-05-16T04:00:00