CVE-2004-2256

Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html	Vendor Advisory
http://www.phpmyfaq.de/advisory_2004-05-18.php	Vendor Advisory
http://www.securityfocus.com/bid/10377	Patch
http://securitytracker.com/id?1010190	Patch
http://secunia.com/advisories/11640	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/363636
https://exchange.xforce.ibmcloud.com/vulnerabilities/16223

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha1:*:*:*:*:*:*:*

Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-2256

Mitre link : CVE-2004-2256

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

phpmyfaq

phpmyfaq

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html", "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": ["Vendor Advisory"], "refsource": "FULLDISC"}, {"url": "http://www.phpmyfaq.de/advisory_2004-05-18.php", "name": "http://www.phpmyfaq.de/advisory_2004-05-18.php", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/10377", "name": "10377", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1010190", "name": "1010190", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/11640", "name": "11640", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/archive/1/363636", "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16223", "name": "phpmyfaq-lang-directory-traversal(16223)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2256", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}