CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-3910

merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.0%

CVSS Severity

CVSS v2 Score 5.0

References

http://pridels0.blogspot.com/2005/11/post-affiliate-pro-20x-vuln.html
http://pridels0.blogspot.com/2005/11/post-affiliate-pro-20x-vuln.html

Products affected by CVE-2005-3910

Post Affiliate Pro » Post Affiliate Pro » Version: 2.0.4

cpe:2.3:a:post_affiliate_pro:post_affiliate_pro:2.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-3910

Products

Pricing

Contact Us