Description
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.
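A defensive check for the disclosure described above, as an added example that is not part of the original advisory: it scans HTTP response bodies from your own application for PHP include/require failure messages and extracts the path they leak. The regular expression, the function name `find_path_disclosures` and the sample bodies are assumptions constructed for illustration.

```python
import html
import re

TAGS = re.compile(r"<[^>]+>")
# Matches PHP include/require failure messages and captures the script path
# PHP appends ("... in <path> on line <n>"), for Unix and Windows paths.
INCLUDE_ERROR = re.compile(
    r"(?:Warning|Fatal error):\s+"
    r"(?P<func>include_once|include|require_once|require)\(.*?"
    r"\sin\s+(?P<path>(?:/|[A-Za-z]:\\).+?)\s+on line\s+(?P<line>\d+)",
    re.IGNORECASE,
)

def find_path_disclosures(body):
    """Return unique (function, path, line) tuples leaked in a response body."""
    # Strip the <b>/<br> markup PHP adds when html_errors is on, then unescape.
    text = html.unescape(TAGS.sub("", body))
    seen = []
    for m in INCLUDE_ERROR.finditer(text):
        hit = (m.group("func").lower(), m.group("path"), int(m.group("line")))
        if hit not in seen:  # PHP emits two warnings per failed include
            seen.append(hit)
    return seen

# Constructed sample bodies (not captured from a real system).
SAMPLES = {
    "html_errors": (
        "<br />\n<b>Warning</b>:  include(lib/db.php): failed to open stream: "
        "No such file or directory in <b>/var/www/html/app/index.php</b> "
        "on line <b>3</b><br />\n"
        "<br />\n<b>Warning</b>:  include(): Failed opening 'lib/db.php' for "
        "inclusion (include_path='.:/usr/share/php') in "
        "<b>/var/www/html/app/index.php</b> on line <b>3</b><br />\n"
    ),
    "plain_windows": (
        "Warning: require_once(conf.php): failed to open stream: No such file "
        "or directory in C:\\inetpub\\wwwroot\\shop\\cart.php on line 12\n"
    ),
    # What a client sees once display_errors = Off is set in php.ini.
    "display_errors_off": "<html><body>Page unavailable.</body></html>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, find_path_disclosures(body))
```

Any non-empty result means error output is reaching clients and the "display_errors = Off" setting is not in effect for that application.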