CVE-2005-3347
phpgroupware <= 0.9.16 - Path Traversal via sensor_program or HTTP_ACCEPT_LANGUAGE Parameter
Title source: llmDescription
Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.
References (17)
Core 17
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17616
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2005:212
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15396
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15414
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17698
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-898
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17441
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/416543
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-897
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17620
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17584
Various Sources x_refsource_misc
http://www.hardened-php.net/advisory_212005.81.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17570
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-899
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17643
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23107
Scores
EPSS
0.0355
EPSS Percentile
87.9%
Details
CWE
CWE-22
Status
published
Products (1)
phpgroupware/phpgroupware
0.9.16
Published
Nov 18, 2005
Tracked Since
Feb 18, 2026