Vulnerability Description
article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php Firstpost | Php Firstpost | 0.1 |
References
- http://www.iss.net/security_center/static/8434.phpVendor Advisory
- http://www.osvdb.org/7170
- http://www.securityfocus.com/archive/1/261337Vendor Advisory
- http://www.securityfocus.com/bid/4274Vendor Advisory
- http://www.iss.net/security_center/static/8434.phpVendor Advisory
- http://www.osvdb.org/7170
- http://www.securityfocus.com/archive/1/261337Vendor Advisory
- http://www.securityfocus.com/bid/4274Vendor Advisory
FAQ
What is CVE-2002-0445?
CVE-2002-0445 is a vulnerability with a CVSS score of 5.0 (MEDIUM). article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message...
How severe is CVE-2002-0445?
CVE-2002-0445 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0445?
Check the references section above for vendor advisories and patch information. Affected products include: Php Firstpost Php Firstpost.