CVE-2002-2247

Name of the Vulnerable Software and Affected Versions: Mambo Site Server version 4.0.11

Description: The issue allows remote attackers to obtain sensitive information, including the full web root path, by accessing the administrator/phpinfo.php script. This script calls the phpinfo function, which provides detailed information about the PHP installation.

Recommendations: For Mambo Site Server version 4.0.11, consider restricting access to the administrator/phpinfo.php script to prevent unauthorized disclosure of sensitive information. As a temporary workaround, disabling the phpinfo function or removing the administrator/phpinfo.php script can help minimize the risk of exploitation.