VYPR
Unrated severityNVD Advisory· Published Jul 21, 2001· Updated Jun 16, 2026

CVE-2001-1370

CVE-2001-1370

Description

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:phplib_team:phplib:7.2:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:phplib_team:phplib:7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phplib_team:phplib:7.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phplib_team:phplib:7.2b:*:*:*:*:*:*:*
    • cpe:2.3:a:phplib_team:phplib:7.2c:*:*:*:*:*:*:*
    • (no CPE)range: <7.2d
  • Range: <=1.2.5

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.