6.4
CVSSv2

CVE-2005-3048

Published: 24/09/2005 Updated: 18/10/2016
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote malicious users to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.

Exploits

<?php # 1734 22/09/2005 # # # # phpmyfaq_xplphp # # # # PhpMyFaq 15 ...