CVE-2004-2255

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.

Ссылки

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html
Vendor Advisory
http://secunia.com/advisories/11640
Patch
Vendor Advisory
http://securitytracker.com/id?1010190
http://www.osvdb.org/6300
Patch
http://www.phpmyfaq.de/advisory_2004-05-18.php
Vendor Advisory
http://www.securityfocus.com/bid/10374
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16177
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html
Vendor Advisory
http://secunia.com/advisories/11640
Patch
Vendor Advisory
http://securitytracker.com/id?1010190
http://www.osvdb.org/6300
Patch
http://www.phpmyfaq.de/advisory_2004-05-18.php
Vendor Advisory
http://www.securityfocus.com/bid/10374
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16177

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04746

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-j9vh-w3pf-6mgg

github

почти 4 года назад