CVE-2005-2892

PBLang <4.65 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by rgod · textwebappsphp

https://www.exploit-db.com/exploits/26231

View Code ZIP pw:eip

exploitdb WRITEUP

by Number 7 · textwebappsphp

https://www.exploit-db.com/exploits/18590

View Code ZIP pw:eip

References (5)

Core 5

Core References

Exploit, Vendor Advisory vdb-entry x_refsource_sectrack

http://securitytracker.com/alerts/2005/Sep/1014861.html

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=112611338417979&w=2

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/14765

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/16711/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/22185

Scores

EPSS 0.0524

EPSS Percentile 90.0%

Details

Status published

Products (1)

pblang/pblang 4.65

Published Sep 14, 2005

Tracked Since Feb 18, 2026