Vulnerability Details CVE-2002-2289
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://online.securityfocus.com/archive/1/300992
- http://securityreason.com/securityalert/3243
- http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2002-11/0329.html
- http://www.securityfocus.com/bid/6243
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10690
- http://online.securityfocus.com/archive/1/300992
- http://securityreason.com/securityalert/3243
- http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2002-11/0329.html
- http://www.securityfocus.com/bid/6243
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10690
Products affected by CVE-2002-2289
-
cpe:2.3:a:working_resources_inc.:badblue:1.7.1