Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2004-2256

Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable.

Published

2004-12-31T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	phpmyfaq	phpmyfaq	1.4_alpha1	No

References

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html Vendor Advisory ([email protected])
http://secunia.com/advisories/11640 Patch, Vendor Advisory ([email protected])
http://securitytracker.com/id?1010190 Patch ([email protected])
http://www.phpmyfaq.de/advisory_2004-05-18.php Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/363636 ([email protected])
http://www.securityfocus.com/bid/10377 Patch ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/16223 ([email protected])
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/11640 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1010190 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.phpmyfaq.de/advisory_2004-05-18.php Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/363636 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/10377 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16223 (af854a3a-2127-422b-91ae-364da2661108)