
CVE-2003-0536

Published: 18/08/2003 Updated: 18/10/2016
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
VMScore: 365
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

Directory traversal vulnerability in phpSysInfo 2.1 and previous versions allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.

Vulnerable Product

phpsysinfo phpsysinfo 2.0

phpsysinfo phpsysinfo 2.1

Vendor Advisories

Albert Puigsech Galicia ripe@7a69ezine.org reported that phpsysinfo, a web-based program to display status information about the system, contains two vulnerabilities which could allow local files to be read, or arbitrary PHP code to be executed, under the privileges of the web server process (usually www-data). These vulnerabilities require access ...

Exploits

source: www.securityfocus.com/bid/7286/info

PHPSysInfo has been reported to be vulnerable to a file disclosure issue. Local users may be capable of influencing the include path for PHPSysinfo language include files. If the malicious language file is symlinked to a web server readable file, the contents of the linked file may be disclosed t ...

phpSysInfo versions 24 and below suffer from cross site scripting, HTTP response splitting, and arbitrary file inclusion flaws ...