CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-3048

Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.036

EPSS Ranking 87.3%

CVSS Severity

CVSS v2 Score 6.4

References

http://marc.info/?l=bugtraq&m=112749230124091&w=2
http://rgod.altervista.org/phpmyfuck151.html
http://www.osvdb.org/19672
http://marc.info/?l=bugtraq&m=112749230124091&w=2
http://rgod.altervista.org/phpmyfuck151.html
http://www.osvdb.org/19672

Products affected by CVE-2005-3048

Phpmyfaq » Phpmyfaq » Version: 1.5.1

cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-3048

Products

Pricing

Contact Us