var-200111-0015
Vulnerability from variot
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. PHP-Nuke is a popular web-based portal system. It allows users to create accounts and contribute content to the site. When a user authenticates to a PHP-Nuke based page, a cookie is created which includes that user's account name and password. This password is encoded using Base 64 encoding, and can be immediately decoded by anyone with access to the cookie's contents. Base64 is a reversible encoding, not encryption, so it provides no confidentiality for the password. Thus, an attacker able to gain access to this cookie may trivially learn the user's account name and password, and compromise that account. Older versions of PHP-Nuke may also be vulnerable. PostNuke 0.6.4 (and possibly earlier versions) is also vulnerable. PHP Nuke uses a global variable named '$user'. It is normally retrieved from a cookie, but can be supplied in a URL. This value contains uuencoded values for the user information and the user's password hash. These values are decoded on the server and used in various SQL queries during the execution of PHP Nuke scripts. Several variables used in this query contain user-supplied input. These values may be injected into a uuencoded $user variable passed in a URL. Attackers may modify the query so that its logic forces retrieval of sensitive information associated with arbitrary users. This could be accomplished if the attacker has a valid username. If exploited, the attacker will have gained the encrypted password and user information of the target user. The password could then be brute-forced, allowing further compromises of security on the affected host, including arbitrary file access and remote command execution as the webserver process. There is a security issue in this CGI program, which may lead to the disclosure of sensitive information.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200111-0015", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "php-nuke", "scope": "eq", "trust": 1.6, "vendor": "francisco burzi", "version": "5.2" }, { "model": "php-nuke", "scope": "eq", "trust": 1.6, "vendor": "francisco burzi", "version": "5.1" }, { "model": "php-nuke", "scope": "eq", "trust": 1.6, "vendor": 
"francisco burzi", "version": "5.3.1" }, { "model": "postnuke", "scope": "eq", "trust": 1.0, "vendor": "postnuke", "version": "0.64" }, { "model": "development team postnuke", "scope": "eq", "trust": 0.3, "vendor": "postnuke", "version": "0.64" }, { "model": "burzi php-nuke", "scope": "eq", "trust": 0.3, "vendor": "francisco", "version": "5.3.1" }, { "model": "burzi php-nuke", "scope": "eq", "trust": 0.3, "vendor": "francisco", "version": "5.2" }, { "model": "burzi php-nuke", "scope": "eq", "trust": 0.3, "vendor": "francisco", "version": "5.1" }, { "model": "burzi php-nuke", "scope": "eq", "trust": 0.3, "vendor": "francisco", "version": "4.4" }, { "model": "burzi php-nuke", "scope": "eq", "trust": 0.3, "vendor": "francisco", "version": "4.3" }, { "model": "burzi php-nuke", "scope": "eq", "trust": 0.3, "vendor": "francisco", "version": "4.0" } ], "sources": [ { "db": "BID", "id": "3567" }, { "db": "BID", "id": "2431" }, { "db": "NVD", "id": "CVE-2001-0911" }, { "db": "CNNVD", "id": "CNNVD-200111-026" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2001-0911" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Posted by Cabezon Aur\u00e9lien \u003caurelien.cabezon@iSecureLabs.com\u003e to the BugTraq mailing list on November 22, 2001.", "sources": [ { "db": "BID", "id": "3567" } ], "trust": 0.3 }, "cve": "CVE-2001-0911", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-3718", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2001-0911", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", 
"id": "CNNVD-200111-026", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-3718", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-3718" }, { "db": "NVD", "id": "CVE-2001-0911" }, { "db": "CNNVD", "id": "CNNVD-200111-026" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. \nWhen a user authenticates to a PHP-Nuke based page, a cookie is created which includes that user\u0027s account name and password. This password is encoded using Base 64 encoding, and can be immediately decoded by anyone with access to the cookies contents. This, an attacker able to gain access to this cookie may trivially learn the user\u0027s account name and password, and compromise that account. \nOlder versions of PHP-Nuke may also be vulnerable. PostNuke 0.6.4(and possibly earlier versions) is also vulnerable. PHP Nuke uses a global variable named \u0027$user\u0027. It is normally retrieved from a cookie, but can be supplied in a URL. This value contains uuencoded values for the user information and the user\u0027s password hash. \nThese values are decoded on the server and used in various SQL queries during the execution of PHP Nuke scripts. \nSeveral variables used in this query contain user-supplied input. These values may be injected into a uuencoded $user variable passed in a URL. \nAttackers may modify the query so that its logic forces retrieval of sensitive information associated with arbitrary users. This could be accomplished if the attacker has a valid username. 
\nIf exploited, the attacker will have gained the encrypted password and user information of the target user. \nThe password could then be brute-forced, allowing further compromises of security on the affected host, including arbitrary file access and remote command execution as the webserver process. There is a security issue in this CGI program, which may lead to the disclosure of sensitive information", "sources": [ { "db": "NVD", "id": "CVE-2001-0911" }, { "db": "BID", "id": "3567" }, { "db": "BID", "id": "2431" }, { "db": "VULHUB", "id": "VHN-3718" } ], "trust": 1.53 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2001-0911", "trust": 2.3 }, { "db": "BID", "id": "3567", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200111-026", "trust": 0.7 }, { "db": "XF", "id": "7596", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20011121 PHPNUKE ADMIN PASSWORD CAN BE STOLEN !", "trust": 0.6 }, { "db": "BID", "id": "2431", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-3718", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-3718" }, { "db": "BID", "id": "3567" }, { "db": "BID", "id": "2431" }, { "db": "NVD", "id": "CVE-2001-0911" }, { "db": "CNNVD", "id": "CNNVD-200111-026" } ] }, "id": "VAR-200111-0015", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-3718" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:41:04.916000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": 
"NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-0911" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/3567" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7596" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=100638850219503\u0026w=2" }, { "trust": 0.6, "url": "http://xforce.iss.net/static/7596.php" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=100638850219503\u0026w=2" }, { "trust": 0.3, "url": "http://www.postnuke.com" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=100638850219503\u0026amp;w=2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-3718" }, { "db": "BID", "id": "3567" }, { "db": "NVD", "id": "CVE-2001-0911" }, { "db": "CNNVD", "id": "CNNVD-200111-026" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-3718" }, { "db": "BID", "id": "3567" }, { "db": "BID", "id": "2431" }, { "db": "NVD", "id": "CVE-2001-0911" }, { "db": "CNNVD", "id": "CNNVD-200111-026" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-11-21T00:00:00", "db": "VULHUB", "id": "VHN-3718" }, { "date": "2001-11-22T00:00:00", "db": "BID", "id": "3567" }, { "date": "2001-02-23T00:00:00", "db": "BID", "id": "2431" }, { "date": "2001-11-21T05:00:00", "db": "NVD", "id": "CVE-2001-0911" }, { "date": "2001-11-21T00:00:00", "db": "CNNVD", "id": "CNNVD-200111-026" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } 
}, "data": [ { "date": "2017-12-19T00:00:00", "db": "VULHUB", "id": "VHN-3718" }, { "date": "2009-07-11T09:06:00", "db": "BID", "id": "3567" }, { "date": "2009-07-11T04:46:00", "db": "BID", "id": "2431" }, { "date": "2017-12-19T02:29:28.363000", "db": "NVD", "id": "CVE-2001-0911" }, { "date": "2006-09-25T00:00:00", "db": "CNNVD", "id": "CNNVD-200111-026" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "3567" }, { "db": "BID", "id": "2431" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "PHP-Nuke Cookie Fragile encryption mechanism vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200111-026" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200111-026" } ], "trust": 0.6 } }