CVE-2005-2686

2005-08-2404:00:00

mitre

www.cve.org

directory traversal

savewebportal 3.4

remote attackers

arbitrary files

php programs

AI Score

7.3

Confidence

High

EPSS

0.005

Percentile

77.5%

JSON

Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via “…” sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.

References

rgod.altervista.org/save_yourself_from_savewebportal34.html

secunia.com/advisories/16522