CVE-2002-2288

Mambo Site Server 4.0.11 - Physical Path Exposure via Invalid Parameter Error

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2288. PoCs published by euronymous.

AI-analyzed exploit summary: This is a writeup describing an information disclosure vulnerability in Mambo Site Server. The vulnerability allows an attacker to leak the script path by sending an invalid parameter to 'index.php'.

Description

Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by euronymous · text · webapps · php
https://www.exploit-db.com/exploits/22087

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Mambo Site Server 4.0.11
No auth needed
Prerequisites: Access to the target web server
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10856
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6387
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html

Scores

EPSS 0.0201
EPSS Percentile 78.3%

Details

CWE: CWE-200
Status: published
Products (1): mambo/site_server 4.0.11
Published: Dec 31, 2002
Tracked Since: Feb 18, 2026