Vulnerabilities > CVE-2002-2247 - Configuration vulnerability in Mambo Site Server 4.0.11

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mambo

CWE-16

exploit available

NVD

Published: 2002-12-31

Updated: 2017-07-29

Summary

The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.

Vulnerable Configurations

Part	Description	Count
Application	Mambo Mambo Mambo Site Server 4.0.11	1

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Exploit-Db

description	Mambo Site Server 4.0.11 PHPInfo.PHP Information Disclosure Vulnerability. CVE-2002-2247. Webapps exploit for php platform
id	EDB-ID:22086
last seen	2016-02-02
modified	2002-12-12
published	2002-12-12
reporter	euronymous
source	https://www.exploit-db.com/download/22086/
title	Mambo Site Server 4.0.11 PHPInfo.PHP Information Disclosure Vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References