Lucene search

[email protected]NVD:CVE-2002-2045

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-2045

2002-12-3105:00:00

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.015

Percentile

87.2%

JSON

x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.

Affected configurations

Nvd

Node

xqusx-statMatch2.2

xqusx-statMatch2.3

VendorProductVersionCPE
xqusx-stat2.2cpe:2.3:a:xqus:x-stat:2.2:*:*:*:*:*:*:*
xqusx-stat2.3cpe:2.3:a:xqus:x-stat:2.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xqus	x-stat	2.2	cpe:2.3:a:xqus:x-stat:2.2:::::::*
xqus	x-stat	2.3	cpe:2.3:a:xqus:x-stat:2.3:::::::*

References

seclists.org/lists/vuln-dev/2002/Mar/0156.html

securitytracker.com/id?1003827

www.ifrance.com/kitetoua/tuto/x_holes.txt

www.securityfocus.com/bid/4279

www.securityfocus.com/bid/4280

exchange.xforce.ibmcloud.com/vulnerabilities/8466

exchange.xforce.ibmcloud.com/vulnerabilities/8467

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.015

Percentile

87.2%

JSON

Related for NVD:CVE-2002-2045

cvelist1 cve1