CVE-2002-1149
published 2002-10-11

Priority: P269
CVSS 2.0: 5 (medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 1.97% (77.9th percentile)

The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
invision_power_services | invision_board | |
invision_power_services | invision_board | |

Detection & IOCs (extracted from sources)

filename: phpinfo.php
path: /phpinfo.php
snort:
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER WEB-PHP phpinfo access"; flow:established,to_server; http.uri; content:"/phpinfo.php"; nocase; reference:bugtraq,5789; reference:cve,2002-1149; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=3356; classtype:successful-recon-limited; sid:2019526; rev:6; metadata:created_at 2010_09_23, cve CVE_2002_1149, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06;)
  • Detect HTTP GET requests to /phpinfo.php under the web root, which exposes sensitive server information including absolute pathnames, OS details, and PHP configuration.
  • Match inbound HTTP URI containing '/phpinfo.php' (case-insensitive) on established connections from external to internal networks as a reconnaissance indicator.
  • The Snort/Suricata rule is classified as informational reconnaissance only (successful-recon-limited), not an active exploit; access to phpinfo.php is the vulnerability itself, not a secondary payload delivery.

CVSS provenance

nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck: 5.0 MEDIUM