CVE-2001-1020 - OpenCVE

edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Vibechild	Directory Manager

Configuration 1 [-]

cpe:2.3:a:vibechild:directory_manager:*:*:*:*:*:*:*:*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2001-09/0013.html	Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=51589
http://www.securityfocus.com/bid/3288	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7079

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-03-09T05:00:00

Updated: 2002-02-06T10:00:00

Reserved: 2002-01-31T00:00:00

Link: CVE-2001-1020

JSON object: View

NVD Information

Status : Modified

Published: 2001-09-05T04:00:00.000

Modified: 2017-10-10T01:29:58.173

Link: CVE-2001-1020

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-09-05T00:00:00", "descriptions": [{"lang": "en", "value": "edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-02-06T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3288", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3288"}, {"name": "20010905 directorymanager bug", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0013.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=51589"}, {"name": "directory-manager-execute-commands(7079)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7079"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1020", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3288", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3288"}, {"name": "20010905 directorymanager bug", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0013.html"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=51589", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=51589"}, {"name": "directory-manager-execute-commands(7079)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7079"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1020", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2002-01-31T00:00:00", "dateUpdated": "2002-02-06T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}