Published: 12/11/2002 Updated: 18/10/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Prometheus 6.0 and previous versions allows remote malicious users to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jason orcutt prometheus 3.0_beta
jason orcutt prometheus 4.0_beta
jason orcutt prometheus 6.0

source: wwwsecurityfocuscom/bid/6087/info Prometheus is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers This issue is present in several PHP script files provided with Prometheus An attacker may exploit this by supplying a path to a malicious 'autoloadlib' file on a remote host as ...

NVD-CWE-Other http://www.idefense.com/advisory/10.31.02b.txt http://www.iss.net/security_center/static/10515.php http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0050.html http://www.securityfocus.com/bid/6087 http://marc.info/?l=bugtraq&m=103616306403031&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/21976/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2002-1211

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect