Vulnerability Description
index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Francisco Burzi | Php-Nuke | 5.0 |
References
- http://online.securityfocus.com/archive/1/263337Vendor Advisory
- http://www.iss.net/security_center/static/8618.phpVendor Advisory
- http://www.securityfocus.com/bid/4333ExploitVendor Advisory
- http://online.securityfocus.com/archive/1/263337Vendor Advisory
- http://www.iss.net/security_center/static/8618.phpVendor Advisory
- http://www.securityfocus.com/bid/4333ExploitVendor Advisory
FAQ
What is CVE-2002-0483?
CVE-2002-0483 is a vulnerability with a CVSS score of 5.0 (MEDIUM). index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that le...
How severe is CVE-2002-0483?
CVE-2002-0483 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0483?
Check the references section above for vendor advisories and patch information. Affected products include: Francisco Burzi Php-Nuke.