CVE-2002-2335

Killer Protection 1.0 - Info Disclosure

Title source: llm

Description

Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/21912

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://www.iss.net/security_center/static/10315.php

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/294208

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/5905

Scores

EPSS 0.0479

EPSS Percentile 89.3%

Classification

CWE

CWE-16

Status draft

Affected Products (1)

john_drake/killer_protection

Timeline

Published Dec 31, 2002

Tracked Since Feb 18, 2026