Directory Traversal Vulnerabilities in phpwcms by phpwcms GmbH
CVE-2005-3789

Currently unrated

Key Information:

Vendor: PHPwcms
Status: PHPwcms
Vendor: CVE Published:; 24 November 2005

What is CVE-2005-3789?

The vulnerability in phpwcms 1.2.5 allows remote attackers to access sensitive files on the server by exploiting directory traversal flaws. Attackers can manipulate the 'form_lang' parameter in 'login.php' and the 'imgdir' parameter in 'random_image.php' to traverse directories, effectively reading arbitrary files. This poses a significant risk for data exposure and can lead to further exploitation of the web application. Proper validation and sanitization of input parameters are crucial to safeguard against such threats.

References

http://www.vupen.com/english/advisories/2005/2452

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/15436/

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=113207712719472&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Nov 24, 2005
Vulnerability Reserved
Nov 24, 2005

JSON

PHPwcms

What is CVE-2005-3789?

References

Timeline