Описание
x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.
x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2002-2045
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8466
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8467
- http://seclists.org/lists/vuln-dev/2002/Mar/0156.html
- http://securitytracker.com/id?1003827
- http://www.ifrance.com/kitetoua/tuto/x_holes.txt
- http://www.securityfocus.com/bid/4279
- http://www.securityfocus.com/bid/4280
EPSS
Процентиль: 69%
0.00622
Низкий
CVE ID
Связанные уязвимости
nvd
больше 22 лет назад
x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.
EPSS
Процентиль: 69%
0.00622
Низкий