PT-2002-3001 · Badblue · Badblue
Published: 2002-12-31 · Updated: 2017-07-29 · CVE-2002-2289
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
BadBlue version 1.7.1
Description:
The issue allows remote attackers to obtain sensitive information, including ODBC passwords, by calling the phpinfo function through the soinfo.php file.
Recommendations:
For BadBlue version 1.7.1, consider disabling the phpinfo function call in the soinfo.php file to prevent information disclosure. Restrict access to the soinfo.php file to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Badblue