cbcvebase.
CVE-2005-2256
published 2005-07-13

CVE-2005-2256: Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot)…

PriorityP430medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
4.64%
90.6th percentile
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

Affected

9 ranges
VendorProductVersion rangeFixed in
debianphppgadmin< phppgadmin 3.5.4-1 (forky)phppgadmin 3.5.4-1 (forky)
phppgadminphppgadmin
phppgadminphppgadmin
phppgadminphppgadmin
phppgadminphppgadmin
phppgadminphppgadmin
phppgadminphppgadmin
phppgadmin_projectphppgadmin>= 0 < 3.5.4-13.5.4-1
phppgadmin_projectphppgadmin>= 0 < 3.5.4-13.5.4-1

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.