Encoded Directory Traversal Vulnerability in phpPgAdmin by phpPgAdmin
CVE-2005-2256

Currently unrated

Key Information:

Vendor

PHPpgadmin

Status
PHPpgadmin
Vendor
CVE Published:
13 July 2005

What is CVE-2005-2256?

An encoded directory traversal vulnerability exists in phpPgAdmin versions 3.1 to 3.5.3, allowing remote attackers to exploit the formLanguage parameter. By crafting requests with encoded dot dot sequences like '%2e%2e%2f', attackers can gain unauthorized access to files on the server. This poses significant risks to the confidentiality and integrity of the server's file system.

References

http://www.debian.org/security/2005/dsa-759
vendor-advisoryx_refsource_DEBIAN
http://archives.neohapsis.com/archives/dailydave/2005-q3/...
mailing-listx_refsource_MLIST
http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001...
x_refsource_MISC

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.