PT-2002-1662 · Php · Php-Survey

Published

2002-06-11

Updated

2008-09-05

CVE-2002-0614

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions PHP-Survey versions 20000615 and earlier

Description The issue allows remote attackers to obtain sensitive information, including database credentials, because the global.inc file is stored under the web root and .inc files are not preprocessed by the server.

Recommendations For versions 20000615 and earlier, consider moving the global.inc file outside of the web root or configuring the server to preprocess .inc files to prevent remote access to sensitive information.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0614

Affected Products

Php-Survey

PT-2002-1662 · Php · Php-Survey

CVE-2002-0614

Related Identifiers

Affected Products

References · 4