Vulnerability Description
PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postnuke Software Foundation | Postnuke | 0.703 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0345.html
- http://www.iss.net/security_center/static/8699.phpPatch
- http://www.securityfocus.com/bid/4381Exploit
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0345.html
- http://www.iss.net/security_center/static/8699.phpPatch
- http://www.securityfocus.com/bid/4381Exploit
FAQ
What is CVE-2002-2015?
CVE-2002-2015 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter.
How severe is CVE-2002-2015?
CVE-2002-2015 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2015?
Check the references section above for vendor advisories and patch information. Affected products include: Postnuke Software Foundation Postnuke.