Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2002-0995

EPSS 7.13% · P92
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2002-0995

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
PHPAuction未授权远程管理接口访问漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PhpAuction是一款免费开放源代码的基于WEB的拍卖系统,使用PHP+MYSQL实现。 PHPAuction中的login.php对用户提交的URL请求缺少正确判断,远程攻击者可以利用这个漏洞建立管理员权限的用户帐户。 PHPAuction中的/admin/login.php脚本只检查$action是否设置为"insert",如果是的情况下,就直接转向在管理员用户表中插入用户名和密码操作,攻击者可以提交非法URL请求导致在系统中增加具有管理员权限的帐户。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2002-0995

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2002-0995

登录查看更多情报信息。

Same Patch Batch · n/a · 2003-04-02 · 350 CVEs total

CVE-2002-0718Microsoft Content Management Server 2001文件上传漏洞(MS02-041)
CVE-2002-0738MHonArc HTML脚本过滤可绕过漏洞
CVE-2002-0737Sambar WEB服务程序服务端文件解析可绕过漏洞
CVE-2002-0736Microsoft BackOffice授权问题漏洞
CVE-2002-0734B2 B2config.php远程命令执行漏洞
CVE-2002-0733ACME Labs thttpd跨站脚本执行漏洞
CVE-2002-0727Microsoft OWC可导致Active脚本执行漏洞
CVE-2002-0726Microsoft TSAC ActiveX远程缓冲区溢出漏洞(MS02-046)
CVE-2002-0722Microsoft Internet Explorer 安全漏洞
CVE-2002-0720Microsoft Windows 2000网络连接管理器权限提升漏洞(MS02-042)
CVE-2002-0719Microsoft Content Management Server 2001 SQL注入漏洞(MS02-041)
CVE-2002-0703Gisle Aas Digest-MD5 UTF-8摘要计算存在漏洞
CVE-2002-0695Microsoft Data Access Components T-SQL OpenRowSet远程缓冲区溢出漏洞(MS02-040)
CVE-2002-0697Microsoft Metadirectory服务远程LDAP客户端管理员访问漏洞(MS02-036)
CVE-2002-0698Microsoft Exchange Server 缓冲区错误漏洞
CVE-2002-0700Microsoft Content Management Server 2001用户认证缓冲区溢出漏洞(MS02-041)
CVE-2002-0701多个供应商进BSD KTrace SUID/SGID进程追踪漏洞
CVE-2002-0710Rod Clark sendform.cgi远程可获得任意文件漏洞
CVE-2002-0716OpenServer定时服务格式字符串漏洞
CVE-2002-0714Squid FTP代理数据通道漏洞

Showing top 20 of 350 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2002-0995

No comments yet

Leave a comment