Vulnerability Description
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mambo | Mambo Site Server | 4.0.11 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html
- http://www.securityfocus.com/bid/6376ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10853
- http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html
- http://www.securityfocus.com/bid/6376ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10853
FAQ
What is CVE-2002-2247?
CVE-2002-2247 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo functio...
How severe is CVE-2002-2247?
CVE-2002-2247 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2247?
Check the references section above for vendor advisories and patch information. Affected products include: Mambo Mambo Site Server.