CVE-2002-2045

2005-07-1404:00:00

mitre

www.cve.org

AI Score

7.2

Confidence

Low

EPSS

0.015

Percentile

87.2%

JSON

x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.

References

seclists.org/lists/vuln-dev/2002/Mar/0156.html

securitytracker.com/id?1003827

www.ifrance.com/kitetoua/tuto/x_holes.txt

www.securityfocus.com/bid/4279

www.securityfocus.com/bid/4280

exchange.xforce.ibmcloud.com/vulnerabilities/8466

exchange.xforce.ibmcloud.com/vulnerabilities/8467