← CVECheck
HomeVulnerabilities

CVE-2002-0249 — MEDIUM severity vulnerability (PHP for Windows, when installed on Apache 2.0.28 beta as a s)

PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.

CVE IDCVE-2002-0249
SeverityMEDIUM
CVSS score5.0
CVSS vectorAV:N/AC:L/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published2002-05-29
Last modified2026-04-16
DescriptionPHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →