Lucene search

[email protected]CVE-2005-3048

HistorySep 24, 2005 - 12:03 a.m.

CVE-2005-3048

2005-09-2400:03:00

[email protected]

web.nvd.nist.gov

cve

2005

3048

directory traversal

vulnerability

phpmyfaq

code injection

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a … (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.

Affected configurations

NVD

Node

phpmyfaqphpmyfaqMatch1.5.1

CPENameOperatorVersion
phpmyfaq:phpmyfaqphpmyfaqeq1.5.1

CPE	Name	Operator	Version
phpmyfaq:phpmyfaq	phpmyfaq	eq	1.5.1

References

marc.info/?l=bugtraq&m=112749230124091&w=2

rgod.altervista.org/phpmyfuck151.html

www.osvdb.org/19672

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Related for CVE-2005-3048

nvd1 cvelist1 freebsd1 nessus1 openvas2