CVE-2004-2374

BadBlue 2.4 - Info Disclosure

Title source: llm

Description

BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Rafel Ivgi · textwebappsphp

https://www.exploit-db.com/exploits/23753

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/355109

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/15311

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/9737

Scores

EPSS 0.0345

EPSS Percentile 87.5%

Details

Status published

Products (1)

working_resources_inc./badblue 2.40

Published Dec 31, 2004

Tracked Since Feb 18, 2026