CVE-2002-1149

The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=103290602609197&w=2
http://www.iss.net/security_center/static/10178.php	Vendor Advisory
http://www.osvdb.org/3356
http://www.securityfocus.com/bid/5789
http://marc.info/?l=bugtraq&m=103290602609197&w=2
http://www.iss.net/security_center/static/10178.php	Vendor Advisory
http://www.osvdb.org/3356
http://www.securityfocus.com/bid/5789

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:invision_power_services:invision_board:1.0:::::::*
	cpe:2.3:a:invision_power_services:invision_board:1.0.1:::::::*

History

20 Nov 2024, 23:40

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=103290602609197&w=2 -~~	() http://marc.info/?l=bugtraq&m=103290602609197&w=2 -
References	~~() http://www.iss.net/security_center/static/10178.php - Vendor Advisory~~	() http://www.iss.net/security_center/static/10178.php - Vendor Advisory
References	~~() http://www.osvdb.org/3356 -~~	() http://www.osvdb.org/3356 -
References	~~() http://www.securityfocus.com/bid/5789 -~~	() http://www.securityfocus.com/bid/5789 -

Information

Published : 2002-10-11 04:00

Updated : 2024-11-20 23:40

NVD link : CVE-2002-1149

Mitre link : CVE-2002-1149

CVE.ORG link : CVE-2002-1149

JSON object : View

Products Affected

invision_power_services

invision_board

CWE

NVD-CWE-Other

{"id": "CVE-2002-1149", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-10-11T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=103290602609197&w=2", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/10178.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/3356", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5789", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=103290602609197&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/10178.php", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/3356", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/5789", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings."}, {"lang": "es", "value": "El procedimiento de instalaci\u00f3n en Invision Board sugiere que los usuarios instalen el programa phpinfo.php en la ra\u00edz del web, lo que filtra informaci\u00f3n sensible como nombres de rutas, informaci\u00f3n del SO, y configuraci\u00f3n de php."}], "lastModified": "2024-11-20T23:40:42.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2"}, {"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}