x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-07-14T04:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-07-14T00:00:00
Link: CVE-2002-2045
JSON object: View
NVD Information
Status : Modified
Published: 2002-12-31T05:00:00.000
Modified: 2017-07-11T01:29:26.117
Link: CVE-2002-2045
JSON object: View
Redhat Information
No data.
CWE