CVE-2008-6999
phpAuction 3.2 and possibly 3.3.0 GPL Basic - Exposure of Sensitive Information via phpinfo.php
Title source: llmDescription
phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
References (4)
Core 4
Core References
Exploit x_refsource_misc
http://packetstorm.linuxsecurity.com/0809-exploits/phpauction32-rfi.txt
Exploit vdb-entry
x_refsource_osvdb
http://osvdb.org/47939
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44936
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31803
Scores
EPSS
0.0132
EPSS Percentile
67.6%
Details
CWE
CWE-200
Status
published
Products (2)
phpauction/phpauction
3.2
phpauction/phpauction
3.3.0
Published
Aug 19, 2009
Tracked Since
Feb 18, 2026