Vulnerabilities > CVE-2002-1135 - Unspecified vulnerability in PHPwebsite 0.8.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

phpwebsite

exploit available

NVD

Published: 2002-10-04

Updated: 2016-10-18

Summary

modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.

Vulnerable Configurations

Part	Description	Count
Application	Phpwebsite Phpwebsite Phpwebsite 0.8.2	1

Exploit-Db

description	phpWebsite 0.8.2 PHP File Include Vulnerability. CVE-2002-1135. Webapps exploit for php platform
id	EDB-ID:21825
last seen	2016-02-02
modified	2002-09-23
published	2002-09-23
reporter	Tim Vandermeersch
source	https://www.exploit-db.com/download/21825/
title	phpWebsite 0.8.2 PHP File Include Vulnerability

References

http://marc.info/?l=bugtraq&m=103279980906880&w=2
http://phpwebsite.appstate.edu/article.php?sid=400
http://www.iss.net/security_center/static/10164.php
http://www.osvdb.org/3848
http://www.securityfocus.com/bid/5779