← CVECheck
HomeVulnerabilities

CVE-2002-0253 — MEDIUM severity vulnerability (PHP, when not configured with the "display_errors = Off" set)

PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message t

CVE IDCVE-2002-0253
SeverityMEDIUM
CVSS score5.0
CVSS vectorAV:N/AC:L/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published2002-05-29
Last modified2026-04-16
DescriptionPHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →