Vulnerabilities > CVE-2002-2335 - Configuration vulnerability in John Drake Killer Protection 1.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
john-drake
CWE-16
exploit available

Summary

Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php.

Vulnerable Configurations

Part Description Count
Application
John_Drake
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionKiller Protection 1.0 Information Disclosure Vulnerability. CVE-2002-2335. Webapps exploit for php platform
idEDB-ID:21912
last seen2016-02-02
modified2002-10-07
published2002-10-07
reporterfrog
sourcehttps://www.exploit-db.com/download/21912/
titleKiller Protection 1.0 Information Disclosure Vulnerability