Vulnerabilities > CVE-2002-0445 - Path Disclosure vulnerability in PHP Firstpost PHP Firstpost 0.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

php-firstpost

NVD

Published: 2002-07-26

Updated: 2008-09-05

Summary

article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message.

Vulnerable Configurations

Part	Description	Count
Application	Php_Firstpost PHP Firstpost PHP Firstpost 0.1	1

References

http://www.iss.net/security_center/static/8434.php
http://www.osvdb.org/7170
http://www.securityfocus.com/archive/1/261337
http://www.securityfocus.com/bid/4274