CVE-2005-2951

AzDGDatingLite <2.1.3 - RCE

Title source: llm

Description

Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1214

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://securityreason.com/securityalert/5

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/22258

[Vendor Advisory] http://secunia.com/advisories/16814/

[Exploit] http://www.securityfocus.com/bid/14819

[Exploit, Vendor Advisory] http://rgod.altervista.org/azdg.html

[Mailing List] http://marc.info/?l=bugtraq&m=112662698511403&w=2

Scores

EPSS 0.0901

EPSS Percentile 92.6%

Details

Status published

Products (1)

azerbaijan_development_group/azdgdating 2.1.3

Published Sep 16, 2005

Tracked Since Feb 18, 2026