Lucene search

[email protected]CVE-2002-0614

HistoryJun 18, 2002 - 4:00 a.m.

CVE-2002-0614

2002-06-1804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-0614

php-survey

sensitive information

remote attackers

web security

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.6%

JSON

PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server.

CPENameOperatorVersion
php-survey:php-surveyphp-surveyeq2000-04-20
php-survey:php-surveyphp-surveyeq2000-04-21
php-survey:php-surveyphp-surveyeq2000-06-15
php-survey:php-surveyphp-surveyeq2000-06-14
php-survey:php-surveyphp-surveyeqprebeta2000-03-27
php-survey:php-surveyphp-surveyeq2000-06-14b

CPE	Name	Operator	Version
php-survey:php-survey	php-survey	eq	2000-04-20
php-survey:php-survey	php-survey	eq	2000-04-21
php-survey:php-survey	php-survey	eq	2000-06-15
php-survey:php-survey	php-survey	eq	2000-06-14
php-survey:php-survey	php-survey	eq	prebeta2000-03-27
php-survey:php-survey	php-survey	eq	2000-06-14b

References

archives.neohapsis.com/archives/bugtraq/2002-04/0383.html

www.iss.net/security_center/static/8950.php

www.securityfocus.com/bid/4612

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.6%

JSON