PT-2002-3047 · Unknown · Killer Protection

Published

2002-12-31

Updated

2008-09-05

CVE-2002-2335

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Killer Protection version 1.0

Description The issue allows remote attackers to obtain user names and passwords by accessing the vars.inc include file, which is stored under the web root with insufficient access control. This can lead to unauthorized logins using the protection.php file.

Recommendations For Killer Protection version 1.0, consider restricting access to the vars.inc file and limiting access to the protection.php file to prevent unauthorized logins. As a temporary workaround, restrict access to the web root directory to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-16

Related Identifiers

CVE-2002-2335

Affected Products

Killer Protection

PT-2002-3047 · Unknown · Killer Protection

CVE-2002-2335

Weakness Enumeration

Related Identifiers

Affected Products

References · 5