PT-2002-2959 · Mambo+1 · Mambo Site Server+1
Published
2002-12-31
·
Updated
2017-07-29
·
CVE-2002-2247
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Mambo Site Server version 4.0.11
Description:
The issue allows remote attackers to obtain sensitive information, including the full web root path, by accessing the administrator/phpinfo.php script. This script calls the phpinfo function, which provides detailed information about the PHP installation.
Recommendations:
For Mambo Site Server version 4.0.11, consider restricting access to the administrator/phpinfo.php script to prevent unauthorized disclosure of sensitive information. As a temporary workaround, disabling the phpinfo function or removing the administrator/phpinfo.php script can help minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mambo Site Server
Php