5
CVE-2002-2289
- EPSS 1.37%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:01:01
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginsoinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Working Resources Inc. ≫ Badblue Version1.7.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.37% | 0.682 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://online.securityfocus.com/archive/1/300992
http://securityreason.com/securityalert/3243
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2002-11/0329.html
http://www.securityfocus.com/bid/6243
https://exchange.xforce.ibmcloud.com/vulnerabilities/10690