Vulnerability Description
Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Peaceworks Computer Consulting | Phormation | <= 0.9.1 |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
- http://www.iss.net/security_center/static/7215.php
- http://www.kb.cert.org/vuls/id/847803US Government Resource
- http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz
- http://www.securityfocus.com/bid/3393ExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
- http://www.iss.net/security_center/static/7215.php
- http://www.kb.cert.org/vuls/id/847803US Government Resource
- http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz
- http://www.securityfocus.com/bid/3393ExploitPatchVendor Advisory
FAQ
What is CVE-2001-1237?
CVE-2001-1237 is a vulnerability with a CVSS score of 7.5 (HIGH). Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.
How severe is CVE-2001-1237?
CVE-2001-1237 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1237?
Check the references section above for vendor advisories and patch information. Affected products include: Peaceworks Computer Consulting Phormation.