x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/lists/vuln-dev/2002/Mar/0156.html - | |
References | () http://securitytracker.com/id?1003827 - Exploit | |
References | () http://www.ifrance.com/kitetoua/tuto/x_holes.txt - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/4279 - | |
References | () http://www.securityfocus.com/bid/4280 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/8466 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/8467 - |
Information
Published : 2002-12-31 05:00
Updated : 2024-11-20 23:42
NVD link : CVE-2002-2045
Mitre link : CVE-2002-2045
CVE.ORG link : CVE-2002-2045
JSON object : View
Products Affected
xqus
- x-stat
CWE