CVE-2005-3347

phpgroupware <= 0.9.16 - Path Traversal via sensor_program or HTTP_ACCEPT_LANGUAGE Parameter

Title source: llm
STIX 2.1

Description

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.

References (17)

Core 17
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17616
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2005:212
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15396
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15414
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17698
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-898
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17441
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/416543
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-897
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17620
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17584
Various Sources x_refsource_misc
http://www.hardened-php.net/advisory_212005.81.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17570
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-899
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17643
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23107

Scores

EPSS 0.0355
EPSS Percentile 87.9%

Details

CWE
CWE-22
Status published
Products (1)
phpgroupware/phpgroupware 0.9.16
Published Nov 18, 2005
Tracked Since Feb 18, 2026