CVE-2001-1011

high

Description

index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/6910

http://www.securityfocus.com/bid/3093

http://www.osvdb.org/1911

http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz

Details

Source: Mitre, NVD

Published: 2001-07-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01703