CVE-2002-0918

CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error.

Published: Oct 4, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0918
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cgiscript.net / cspassword	1.0	1.0.x

http://online.securityfocus.com/archive/1/274727
http://www.iss.net/security_center/static/9221.php
http://www.securityfocus.com/bid/4887

Vulnerability Database

CVE-2002-0918