V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2005-3048
CVE
MediumConfirmedExploit available

Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP f…

CVSS
6.4
Medium
EPSS
0.08
p94
Published
2005-01-01
Updated
2005-01-01
Description

Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.

Affected products
Phpmyfaq
CVSS vector
AV:N/AC:L/Au:N/C:P/I:P/A:N
Timeline
2005-01-01
Published
2005-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Authentication
Au: N
None (N)
Confidentiality Impact
C: P
Partial
Integrity Impact
I: P
Partial
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.083 · p94
Known exploited (KEV)
No
Known exploits — Сканер-ВС
1226
exploitdb · https://www.exploit-db.com/exploits/1226
Enterprise
Affected products
ProductVendorStatus
phpmyfaq*Tracked
Source databases
CVE