CVE-2002-2045
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/12/2002
Last modified:
20/11/2024
Description
x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.
Impact
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:xqus:x-stat:2.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:xqus:x-stat:2.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/lists/vuln-dev/2002/Mar/0156.html
- http://securitytracker.com/id?1003827=
- http://www.ifrance.com/kitetoua/tuto/x_holes.txt
- http://www.securityfocus.com/bid/4279
- http://www.securityfocus.com/bid/4280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8466
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8467
- http://seclists.org/lists/vuln-dev/2002/Mar/0156.html
- http://securitytracker.com/id?1003827=
- http://www.ifrance.com/kitetoua/tuto/x_holes.txt
- http://www.securityfocus.com/bid/4279
- http://www.securityfocus.com/bid/4280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8466
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8467