CVE Daily

CVE-2002-2289

soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote atta...

Medium CVSS 5.0

Overview

soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.

CWE: CWE-200 Published: 2002-12-31T05:00:00.000
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 5.0 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags