CVE-2002-2247
CVE-2002-2247 is a medium-severity vulnerability in Mambo Mambo Site Server with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-16.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 3% (83rd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-16
- Affected product: Mambo Mambo Site Server
- Published:
- Last modified:
Description
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
Frequently asked questions
- What is CVE-2002-2247?
- The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
- How severe is CVE-2002-2247?
- CVE-2002-2247 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2002-2247 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (83rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2002-2247?
- CVE-2002-2247 affects Mambo Mambo Site Server. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2002-2247?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2002-2247 published?
- CVE-2002-2247 was published on 2002-12-31 and last updated on 2026-06-16.
References
- http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html
- http://www.securityfocus.com/bid/6376
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10853
Affected products (1)
- cpe:2.3:a:mambo:mambo_site_server:4.0.11:*:*:*:*:*:*:*
More vulnerabilities in Mambo Mambo Site Server
- CVE-2002-2290 — Critical (CVSS 10.0): Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain…
- CVE-2001-1011 — Critical (CVSS 10.0): index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by…
- CVE-2002-1662 — Medium (CVSS 6.8): Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute…
- CVE-2007-4745 — Medium (CVSS 4.3): Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo…
- CVE-2003-1203 — Medium (CVSS 4.3): Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute…
- CVE-2005-3738 — Low (CVSS 2.6): globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to…
All CVEs affecting Mambo Mambo Site Server →
Other CWE-16 vulnerabilities
- CVE-2013-4316 — Critical (CVSS 10.0): Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack…
- CVE-2013-1221 — Critical (CVSS 10.0): The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not…
- CVE-2011-4501 — Critical (CVSS 10.0): The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg,…
- CVE-2010-4586 — Critical (CVSS 10.0): The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and…
- CVE-2010-2977 — Critical (CVSS 10.0): Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has…
- CVE-2010-2276 — Critical (CVSS 10.0): The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2,…