Invision Power Board phpinfo.php Information Disclosure

2002-09-24T00:00:00
ID OSVDB:3356
Type osvdb
Reporter OSVDB
Modified 2002-09-24T00:00:00

Description

Vulnerability Description

Invision Power Board contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests the phpinfo.php file, which discloses system variables, path names, Apache modules, PHP setup options, and more, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Remove the phpinfo.php file from the web server.
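To apply the workaround you first have to locate the file. The following is an added example, not part of the original advisory: a shell function that lists every phpinfo.php under a web root and, going beyond the single file named above, any other .php file whose source calls phpinfo(). The function name and the idea of passing the web root as an argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a web root for leftover phpinfo() diagnostic scripts.
# The function name and the directory argument are assumptions of this example.

# find_phpinfo_scripts DIR
# Prints one path per line for every file that is either
#   - named phpinfo.php (any letter case), or
#   - a .php file whose source contains a phpinfo( call.
# PHP function names are case-insensitive, so the content match is too.
# A match inside a comment is also reported; review each hit before removing it.
find_phpinfo_scripts() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    {
        # The file name given in the advisory.
        find "$root" -type f -iname 'phpinfo.php' -print
        # Any other PHP script that calls phpinfo(), whatever it is named.
        find "$root" -type f -iname '*.php' \
            -exec grep -liE 'phpinfo[[:space:]]*\(' {} +
    } | sort -u
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    find_phpinfo_scripts "$1"
fi
```

The function only reports paths and deletes nothing, so the listing can be reviewed before the files are removed from the web server.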

References:

Secunia Advisory ID: 7154
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-09/0303.html
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-09/0297.html
ISS X-Force ID: 10178
CVE-2002-1149
Bugtraq ID: 5789