CVE-2001-1025
First published: Fri Aug 31 2001(Updated: )
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP-Nuke | =5.0 | |
| PHP-Nuke | =5.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-1025?
CVE-2001-1025 is considered a critical vulnerability due to the potential for arbitrary SQL execution.
How do I fix CVE-2001-1025?
To fix CVE-2001-1025, upgrade to PHP-Nuke version 5.0.2 or later where the vulnerability has been patched.
What systems are affected by CVE-2001-1025?
CVE-2001-1025 affects PHP-Nuke versions 5.0 and 5.0.1.
What type of attack does CVE-2001-1025 enable?
CVE-2001-1025 enables remote attackers to perform arbitrary SQL operations.
Can CVE-2001-1025 be exploited without authentication?
Yes, CVE-2001-1025 can be exploited by remote attackers without needing authentication.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/francisco burzi
- canonical/php-nuke
- version/php-nuke/5.0
- version/php-nuke/5.0.1