PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2001-11-22T05:00:00
Updated: 2024-08-08T04:37:06.546Z
Reserved: 2001-11-22T00:00:00
Link: CVE-2001-0854
Vulnrichment
No data.
NVD
Status : Modified
Published: 2001-12-06T05:00:00.000
Modified: 2016-10-18T02:12:30.007
Link: CVE-2001-0854
Redhat
No data.