Description
Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Albert Puigsech Galicia · textwebappsphp
https://www.exploit-db.com/exploits/22459
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105128606513226&w=2
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2003/dsa-346
Product x_refsource_misc
http://sourceforge.net/tracker/index.php?func=detail&aid=670222&group_id=15&atid=100015
Scores
EPSS
0.0074
EPSS Percentile
73.0%
Details
Status
published
Products (2)
phpsysinfo/phpsysinfo
2.0
phpsysinfo/phpsysinfo
2.1
Published
Aug 18, 2003
Tracked Since
Feb 18, 2026