CVE-2002-0445

Published Jul 26, 2002

Last updated 16 years ago

Overview

Description: article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:php_firstpost:php_firstpost:0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90A97200-A5D4-4FD9-8AC0-7453542FF9F2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References