Lucene search

[email protected]NVD:CVE-2002-2045

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-2045

2002-12-3105:00:00

[email protected]

web.nvd.nist.gov

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.2%

JSON

x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.

Affected configurations

NVD

Node

xqusx-statMatch2.2

xqusx-statMatch2.3

References

seclists.org/lists/vuln-dev/2002/Mar/0156.html

securitytracker.com/id?1003827

www.ifrance.com/kitetoua/tuto/x_holes.txt

www.securityfocus.com/bid/4279

www.securityfocus.com/bid/4280

exchange.xforce.ibmcloud.com/vulnerabilities/8466

exchange.xforce.ibmcloud.com/vulnerabilities/8467

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.2%

JSON

Related for NVD:CVE-2002-2045

cvelist1 cve1