CVE-2001-1370

Name of the Vulnerable Software and Affected Versions PHPLib versions prior to 7.2d

Description The issue allows remote attackers to execute arbitrary scripts via an HTTP request that modifies the libdir variable in the $ PHPLIB array to point to malicious code on another server. This can be exploited when register globals is enabled for PHP. The issue is seen in various packages that use PHPLib, including Horde 1.2.5 and earlier, and IMP before 2.2.6.

Recommendations For PHPLib versions prior to 7.2d, update to version 7.2d or later to resolve the issue. As a temporary workaround, consider disabling the register globals setting in PHP configuration to minimize the risk of exploitation. Restrict access to the prepend.php3 file to prevent malicious modifications.