CVE-2003-0536

unknown

Published — · Modified —

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

1.0

Description

Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-22459 webapps php verified text · 1 KB

Albert Puigsech Galicia · 2003-04-04

PHPSysInfo 2.0/2.1 - 'index.php' LNG File Disclosure

text exploit Source: Exploit-DB

source: https://www.securityfocus.com/bid/7286/info

PHPSysInfo has been reported to be vulnerable to a file disclosure issue.

Local users may be capable of influencing the include path for PHPSysinfo language include files. If the malicious language file is symlinked to a web server readable file, the contents of the linked file may be disclosed to the attacker. The file may also contain PHP code which may be executed in the context of the web server hosting the vulnerable application.

This attack may lead to confidential or sensitive information disclosure, which could be used to launch other attacks.

~$ ln -s /etc/passwd /tmp/p.php
http://www.example.com/index.php?lng=../../../../tmp/p


~$ echo "<?php phpinfo() ?>" > /tmp/p.php
http://www.example.com/index.php?lng=../../../../tmp/p

OS impact

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`2.1-1`
sid	Fixed	`2.1-1`
forky	Fixed	`2.1-1`
bullseye	Fixed	`2.1-1`
bookworm	Fixed	`2.1-1`

References

https://security-tracker.debian.org/tracker/CVE-2003-0536

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.