← back
CVE-2005-3048

CVE-2005-3048

EPSS 8.3%
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/1226unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=112749230124091&w=2http://rgod.altervista.org/phpmyfuck151.htmlhttp://www.osvdb.org/19672