CVE-2002-0253 Information

Description

PHP when not configured with the \display_errors = Off\ setting in php.ini allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program which modifies the base path causes the include directive to fail and produces an error message that contains the path.

Reference

http://marc.info/?l=bugtraq&m=101318944130790&w=2 http://www.iss.net/security_center/static/8122.php http://www.securityfocus.com/bid/4063