Vulnerability Details CVE-2005-2001
Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=111885787217807&w=2
- http://www.gulftech.org/?node=research&article_id=00082-06142005
- http://www.phparena.net/
- http://www.phparena.net/pafiledb_patch/
- http://marc.info/?l=bugtraq&m=111885787217807&w=2
- http://www.gulftech.org/?node=research&article_id=00082-06142005
- http://www.phparena.net/
- http://www.phparena.net/pafiledb_patch/
Products affected by CVE-2005-2001
-
cpe:2.3:a:php_arena:pafiledb:1.1.3
-
cpe:2.3:a:php_arena:pafiledb:2.1.1
-
cpe:2.3:a:php_arena:pafiledb:3.0
-
cpe:2.3:a:php_arena:pafiledb:3.0_beta_3.1
-
cpe:2.3:a:php_arena:pafiledb:3.1