PT-2005-4540 · Phpcms · Phpcms

Stefan Lochbihler

Published

2005-11-24

Updated

2016-10-18

CVE-2005-3789

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions phpwcms version 1.2.5

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the form lang parameter in "login.php" or the imgdir parameter in "random image.php".

Recommendations For phpwcms version 1.2.5, avoid using the form lang parameter in "login.php" and the imgdir parameter in "random image.php" until a patch is available. Restrict access to "login.php" and "random image.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-3789

Affected Products

Phpcms

PT-2005-4540 · Phpcms · Phpcms

CVE-2005-3789

Related Identifiers

Affected Products

References · 8