VYPR
Unrated severityNVD Advisory· Published May 3, 2001· Updated Jun 16, 2026

CVE-2001-0320

CVE-2001-0320

Description

bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.

Affected products

3
  • PHP-Nuke/PHP Nuke3 versions
    cpe:2.3:a:francisco_burzi:php-nuke:4.0.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:francisco_burzi:php-nuke:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:4.4:*:*:*:*:*:*:*
    • (no CPE)range: =4.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.