CVE-2008-6999

phpAuction 3.2 and possibly 3.3.0 GPL Basic - Exposure of Sensitive Information via phpinfo.php

Title source: llm
STIX 2.1

Description

phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/47939
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44936
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31803

Scores

EPSS 0.0132
EPSS Percentile 67.6%

Details

CWE
CWE-200
Status published
Products (2)
phpauction/phpauction 3.2
phpauction/phpauction 3.3.0
Published Aug 19, 2009
Tracked Since Feb 18, 2026