CVE-2005-3347

EPSS 3.55%
Veröffentlicht 18.11.2005 02:02:00
Zuletzt bearbeitet 16.06.2026 22:16:46
Quelle security@debian.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536.  NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 20

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpgroupware ≫ Phpgroupware Version0.9.16

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.55%	0.878

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://secunia.com/advisories/17616

http://secunia.com/advisories/17643

http://www.debian.org/security/2005/dsa-897

http://www.debian.org/security/2005/dsa-898

Patch

Vendor Advisory

http://www.debian.org/security/2005/dsa-899

http://www.mandriva.com/security/advisories?name=MDKSA-2005:212

http://www.securityfocus.com/archive/1/416543

http://www.securityfocus.com/bid/15414

http://secunia.com/advisories/17441

http://secunia.com/advisories/17570

http://secunia.com/advisories/17584

http://secunia.com/advisories/17620

http://secunia.com/advisories/17698

http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml

http://www.hardened-php.net/advisory_212005.81.html

http://www.securityfocus.com/bid/15396

https://exchange.xforce.ibmcloud.com/vulnerabilities/23107

https://nvd.nist.gov/vuln/detail/CVE-2005-3347

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-3347

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-3347

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2005-3347