CVE-2002-2045

Sažetak

x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.

Reference

http://seclists.org/lists/vuln-dev/2002/Mar/0156.html
http://securitytracker.com/id?1003827
http://www.ifrance.com/kitetoua/tuto/x_holes.txt
http://www.securityfocus.com/bid/4279
http://www.securityfocus.com/bid/4280
https://exchange.xforce.ibmcloud.com/vulnerabilities/8466
https://exchange.xforce.ibmcloud.com/vulnerabilities/8467

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:29

Objavljeno

31-12-2002 - 05:00