CVE-2002-1149
Published 2002-10-11
Priority P269 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 1.97% (77.9th percentile)
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| invision_power_services | invision_board | — | — |
| invision_power_services | invision_board | — | — |
Detection & IOCs (extracted from sources)
path: /phpinfo.php
snort
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER WEB-PHP phpinfo access"; flow:established,to_server; http.uri; content:"/phpinfo.php"; nocase; reference:bugtraq,5789; reference:cve,2002-1149; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=3356; classtype:successful-recon-limited; sid:2019526; rev:6; metadata:created_at 2010_09_23, cve CVE_2002_1149, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06;)
- Detect HTTP GET requests to /phpinfo.php under the web root, which exposes sensitive server information including absolute pathnames, OS details, and PHP configuration.
- Match inbound HTTP URI containing '/phpinfo.php' (case-insensitive) on established connections from external to internal networks as a reconnaissance indicator.
- The Snort/Suricata rule is classified as informational reconnaissance only (successful-recon-limited), not an active exploit; access to phpinfo.php is the vulnerability itself, not a secondary payload delivery.
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck · 5.0 MEDIUM
GHSA
GHSA-hq2r-mf53-3xgj: The installation procedure for Invision Board suggests that users install the phpinfo
ghsa_unreviewed·2022-04-30
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
VulnCheck
Invision Board phpinfo.php Information Disclosure Vulnerability
vulncheck·2002·CVSS 5.0
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
Affected: invision_power_services invision_board
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.aquasec.com/blog/sink-or-swim-tackling-2024s-record-breaking-vulnerability-wave/
Suricata
ET WEB_SERVER WEB-PHP phpinfo access
suricata·2010-09-23
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER WEB-PHP phpinfo access"; flow:established,to_server; http.uri; content:"/phpinfo.php"; nocase; reference:bugtraq,5789; reference:cve,2002-1149; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=3356; classtype:successful-recon-limited; sid:2019526; rev:6; metadata:created_at 2010_09_23, cve CVE_2002_1149, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06;)
No public exploits indexed.
No writeups or analysis indexed.
- http://marc.info/?l=bugtraq&m=103290602609197&w=2
- http://www.iss.net/security_center/static/10178.php
- http://www.osvdb.org/3356
- http://www.securityfocus.com/bid/5789