CVE-2002-1149 - The installation procedure for Invision Board suggests that users install the phpinfo.php program un

CVE-2002-1149

Summary

The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.

References

Vulnerable Configurations

cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2016 - 02:24)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	5789
bugtraq	20020924 Information Disclosure with Invision Board installation (fwd)
osvdb	3356
xf	invision-phpinfo-information-disclosure(10178)

Last major update

18-10-2016 - 02:24

Published

11-10-2002 - 04:00

Last modified

18-10-2016 - 02:24