BasiliX Attachment Disclosure Vulnerability (CVE-2002-1711)
Source: pentest-tools.com, indexed 2025-03-27
Download link:
https://pentest-tools.com/vulnerabilities-exploits/undefined
Resource summary:
The remote web server contains a series of PHP scripts that are prone to information disclosure. Description: The remote host appears to be running BasiliX version 1.1.0 or lower. Such versions save attachments by default under /tmp/BasiliX, which is world-readable and apparently never emptied by BasiliX itself. As a result, anyone with shell access to the affected system, or who can place CGI files on it, can access attachments uploaded to BasiliX.
Provider:
pentest-tools.com



