Lucene search

[email protected]CVE-2005-4424

HistoryDec 20, 2005 - 11:03 a.m.

CVE-2005-4424

2005-12-2011:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4424

phpkit

directory traversal

vulnerability

remote code execution

7.3 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.9%

JSON

Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a … (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.

CPENameOperatorVersion
phpkit:phpkitphpkiteq1.6.02
phpkit:phpkitphpkiteq1.6.03
phpkit:phpkitphpkiteq1.6.1

CPE	Name	Operator	Version
phpkit:phpkit	phpkit	eq	1.6.02
phpkit:phpkit	phpkit	eq	1.6.03
phpkit:phpkit	phpkit	eq	1.6.1

References

cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00110.html

secunia.com/advisories/17479

securityreason.com/securityalert/157

www.hardened-php.net/advisory_212005.80.html

www.osvdb.org/20562

www.securityfocus.com/bid/15354

exchange.xforce.ibmcloud.com/vulnerabilities/23014

7.3 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.9%

JSON

Related for CVE-2005-4424

nessus1