Vulnerability Description
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invision Power Services | Invision Board | 1.0 |
References
- http://marc.info/?l=bugtraq&m=103290602609197&w=2
- http://www.iss.net/security_center/static/10178.phpVendor Advisory
- http://www.osvdb.org/3356
- http://www.securityfocus.com/bid/5789
- http://marc.info/?l=bugtraq&m=103290602609197&w=2
- http://www.iss.net/security_center/static/10178.phpVendor Advisory
- http://www.osvdb.org/3356
- http://www.securityfocus.com/bid/5789
FAQ
What is CVE-2002-1149?
CVE-2002-1149 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and ...
How severe is CVE-2002-1149?
CVE-2002-1149 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1149?
Check the references section above for vendor advisories and patch information. Affected products include: Invision Power Services Invision Board.