CVE-2001-1235 in pSlash
Summary
by MITRE
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 09/27/2025
The vulnerability identified as CVE-2001-1235 affects pSlash PHP script versions 0.7 and earlier, presenting a critical security flaw that enables remote code execution through insecure file inclusion mechanisms. This vulnerability resides in the script's handling of the includedir variable, which is manipulated via HTTP requests to achieve unauthorized code execution on the target system. The flaw represents a classic example of insecure direct object reference and remote file inclusion vulnerability that was prevalent in early web application development practices.
The technical implementation of this vulnerability exploits the lack of proper input validation and sanitization within the pSlash script's file inclusion functionality. When attackers craft malicious HTTP requests that modify the includedir variable, they can inject remote URLs that point to malicious content hosted on external web servers. The script processes these requests without adequate verification, leading to the inclusion and execution of arbitrary code from remote sources. This vulnerability operates under the CWE-98 principle of "Insecure Direct Object Reference" and demonstrates how insufficient parameter validation can lead to complete system compromise.
From an operational perspective, this vulnerability provides attackers with a straightforward path to execute arbitrary code on affected systems, potentially leading to full system compromise, data theft, or service disruption. The remote nature of the attack means that exploitation does not require local access to the target system, making it particularly dangerous for web applications exposed to the internet. Attackers can leverage this vulnerability to establish persistent access, install backdoors, or launch further attacks against the internal network. The impact extends beyond immediate code execution to include potential privilege escalation and lateral movement within compromised environments.
Mitigation strategies for CVE-2001-1235 primarily involve immediate patching of the pSlash script to versions that properly validate and sanitize input parameters before processing file inclusion requests. Organizations should implement strict input validation mechanisms that prevent modification of critical variables through HTTP requests, employ whitelisting approaches for file inclusion paths, and disable remote file inclusion features entirely. The ATT&CK framework categorizes this vulnerability under T1190 "Exploit Public-Facing Application" and T1059.007 "Command and Scripting Interpreter: PowerShell," highlighting the need for network segmentation and proper access controls. Additionally, implementing web application firewalls, conducting regular security assessments, and maintaining up-to-date security patches remain essential defensive measures against similar vulnerabilities in modern web applications.