CVE-2005-3048

PhpMyFaq 1.5.1 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1226

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.osvdb.org/19672

[Various Sources] http://rgod.altervista.org/phpmyfuck151.html

[Mailing List] http://marc.info/?l=bugtraq&m=112749230124091&w=2

Scores

EPSS 0.0427

EPSS Percentile 88.9%

Details

Status published

Products (1)

phpmyfaq/phpmyfaq 1.5.1

Published Sep 24, 2005

Tracked Since Feb 18, 2026