CVE-2010-1110
phpMySport 1.4 - Path Traversal via Current Folder Parameter
Title source: llmDescription
Directory traversal vulnerability in index.php in phpMySport 1.4 allows remote attackers to list arbitrary directories via a .. (dot dot) in the current_folder parameter.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55763
Product x_refsource_misc
http://phpmysport.sourceforge.net/en/forum/bugs/sujet_2851.html
Exploit x_refsource_misc
http://packetstormsecurity.org/1001-exploits/phpmysport-sqlaccess.txt
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37856
Scores
EPSS
0.0157
EPSS Percentile
72.4%
Details
CWE
CWE-22
Status
published
Products (1)
djayp/phpmysport
1.4
Published
Mar 25, 2010
Tracked Since
Feb 18, 2026