CVE-2002-0253

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:N/A
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 29/05/02 - Updated on 18/10/16

Description

PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability DatabaseCVE-2002-0253

Exploits

SecurityFocusBID-4063

Relative technologies

VendorProduct
phpphp

Share this vulnerability with:

Twitter Facebook LinkedIn Mail