AI Score: 6.7 Medium (Confidence: Low)

CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.015 Low (Percentile: 86.6%)

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.

CPE | Name | Operator | Version |
---|---|---|---|
phpgroupware:phpgroupware | phpgroupware | eq | 0.9.16 |
secunia.com/advisories/17441
secunia.com/advisories/17570
secunia.com/advisories/17584
secunia.com/advisories/17616
secunia.com/advisories/17620
secunia.com/advisories/17643
secunia.com/advisories/17698
www.debian.org/security/2005/dsa-897
www.debian.org/security/2005/dsa-898
www.debian.org/security/2005/dsa-899
www.gentoo.org/security/en/glsa/glsa-200511-18.xml
www.hardened-php.net/advisory_212005.81.html
www.mandriva.com/security/advisories?name=MDKSA-2005:212
www.securityfocus.com/archive/1/416543
www.securityfocus.com/bid/15396
www.securityfocus.com/bid/15414
exchange.xforce.ibmcloud.com/vulnerabilities/23107