← back
CVE-2006-5263

CVE-2006-5263

EPSS 2.5%
Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/2500unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/22346https://exchange.xforce.ibmcloud.com/vulnerabilities/29413https://www.exploit-db.com/exploits/2500http://www.securityfocus.com/bid/20453http://www.vupen.com/english/advisories/2006/4005