Lucene search

MitreCVE-2005-3048

HistorySep 24, 2005 - 12:03 a.m.

CVE-2005-3048

2005-09-2400:03:00

mitre

web.nvd.nist.gov

cve

2005

3048

directory traversal

vulnerability

phpmyfaq

code injection

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.012

Percentile

85.8%

JSON

Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a … (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.

Affected configurations

Nvd

Node

phpmyfaqphpmyfaqMatch1.5.1

VendorProductVersionCPE
phpmyfaqphpmyfaq1.5.1cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyfaq	phpmyfaq	1.5.1	cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:::::::*

References

marc.info/?l=bugtraq&m=112749230124091&w=2

rgod.altervista.org/phpmyfuck151.html

www.osvdb.org/19672

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.012

Percentile

85.8%

JSON

Related for CVE-2005-3048