Description
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
Exploits (1)
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10853
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6376
Scores
EPSS
0.0549
EPSS Percentile
90.3%
Details
CWE
CWE-16
Status
published
Products (1)
mambo/mambo_site_server
4.0.11
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026