CVE-2002-2289
BadBlue 1.7.1 - Exposure of Sensitive Information via soinfo.php phpinfo Function
Title source: llmDescription
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10690
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6243
Exploit mailing-list
x_refsource_fulldisc
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2002-11/0329.html
Exploit mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/300992
Exploit third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3243
Scores
EPSS
0.0137
EPSS Percentile
68.6%
Details
CWE
CWE-200
Status
published
Products (1)
working_resources_inc./badblue
1.7.1
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026