PT-2002-1513 · Big Sam · Big Sam

Published: 2002-08-12 · Updated: 2008-09-05 · CVE-2002-0462

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Big Sam (Built-In Guestbook Stand-Alone Module) versions 1.1.08 and earlier

Description

The issue allows remote attackers to cause a denial of service or obtain the absolute path of the web server. This can be achieved by providing a very large number in the displayBegin parameter. When PHP safe mode is enabled, the web path is leaked in an error message. When safe mode is not enabled, the action consumes resources.

Recommendations

For Big Sam (Built-In Guestbook Stand-Alone Module) versions 1.1.08 and earlier, consider restricting access to the bigsam guestbook.php file until a patch is available. As a temporary workaround, avoid using the displayBegin parameter with large numbers to minimize the risk of exploitation.
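
To see whether the guestbook has received such requests, web server access logs can be searched for displayBegin values that are non-numeric or unusually large. The Python below is an added example, not code from this advisory or from Big Sam; the MAX_OFFSET threshold, the /guestbook.php request path and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: paging offsets above this value are treated as abnormal.
MAX_OFFSET = 100_000

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Aug/2002:10:01:02 +0000] "GET /guestbook.php?displayBegin=20 HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
192.0.2.77 - - [12/Aug/2002:10:03:44 +0000] "GET /guestbook.php?displayBegin=99999999999999 HTTP/1.0" 200 312 "-" "-"
192.0.2.10 - - [12/Aug/2002:10:04:10 +0000] "GET /index.html HTTP/1.0" 200 1024 "-" "Mozilla/4.0"
198.51.100.5 - - [12/Aug/2002:10:05:00 +0000] "GET /guestbook.php?page=1&displayBegin=abc HTTP/1.0" 200 300 "-" "-"
"""

# client, timestamp and request target of one access-log line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)[^"]*"')

def classify(value):
    """Return a reason string for a suspicious displayBegin value, else None."""
    if not re.fullmatch(r"[0-9]+", value):
        return "non-numeric"
    digits = value.lstrip("0") or "0"
    # Compare lengths first so absurdly long digit strings are never parsed.
    if len(digits) > len(str(MAX_OFFSET)) or int(digits) > MAX_OFFSET:
        return "oversized"
    return None

def find_suspicious(log_text):
    """Return (client, timestamp, value, reason) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, when, target = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in params.get("displayBegin", []):
            reason = classify(value)
            if reason:
                hits.append((client, when, value, reason))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Only values sent in the query string appear in access logs, so requests that carry the parameter in a POST body are not covered by this check.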

Exploit

Fix


Related Identifiers

CVE-2002-0462

Affected Products

Big Sam