Description

PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.

Remediation

References

CVE-2002-0253

Related Vulnerabilities

WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (4.7)

WordPress Plugin Filter Custom Fields & Taxonomies Light Unspecified Vulnerability (1.04)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.16)

Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42122)

WordPress Plugin Profile Extra Fields by BestWebSoft Cross-Site Scripting (1.0.7)

Severity

Medium

Classification

CVE-2002-0253

Tags

Missing Update Known Vulnerabilities