CVE-2005-2001

Properties

Published:
14.06.2005
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:C/I:N/A:N/B:N) Approximated
    Product:
    PHP Arena: paFileDB
    PHP Arena: paFileDB
    PHP Arena: paFileDB
    PHP Arena: paFileDB
    PHP Arena: paFileDB

    Vulnerability description

    Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter.

    References:

    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=111885787217807&w=2
    MISC: http://www.gulftech.org/?node=research&article_id=00082-06142005
    CONFIRM: http://www.phparena.net/
    CONFIRM: http://www.phparena.net/pafiledb_patch/
    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=111885787217807&w=2
    MISC: http://www.gulftech.org/?node=research&article_id=00082-06142005