CVE-2005-2255
Published 2005-07-13
Priority P421 · medium · 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS: 1.51% (71.2th percentile)
Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gianluca_baldo | phpauction | — | — |
| phpauction | phpauction | — | — |
GHSA
GHSA-xr45-42h9-q5rf: PHP remote file inclusion vulnerability in index
ghsa_unreviewed·2022-05-17·CVSS 6.4
CVE-2008-7000 [MEDIUM] CWE-94 GHSA-xr45-42h9-q5rf: PHP remote file inclusion vulnerability in index
PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1.
GHSA
GHSA-f5v5-r95w-q486: Directory traversal vulnerability in PhpAuction 2
ghsa_unreviewed·2022-05-01
CVE-2005-2255 [MEDIUM] GHSA-f5v5-r95w-q486: Directory traversal vulnerability in PhpAuction 2
Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.