CVE-2005-2782
Published 2005-09-02
Priority: P3 (39). Severity: high. CVSS 2.0 base score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.67% (83.8th percentile)
PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs.
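The description above and the CWE-184 entry below describe the same weakness: a denylist that names only "http" and "https", so any other scheme PHP's stream wrappers understand still reaches include(). The following is an added example, not AutoLinks Pro's code; the function names, the base-directory layout and the sample inputs are assumptions, and it assumes PHP 8 or later for str_starts_with() and str_contains(). It shows the vulnerable check shape beside a hardened replacement that rejects every scheme syntactically and then requires the resolved path to stay inside a fixed local directory.

```php
<?php
declare(strict_types=1);

// Added example (not AutoLinks Pro's code): the CWE-184 pattern behind
// CVE-2005-2782 beside a hardened replacement. Function names, the
// $baseDir layout and the sample inputs are assumptions for illustration.

// 1. The vulnerable shape: a denylist of two URL schemes. Anything the
//    denylist does not name (ftp://, php://, data:, ...) is accepted and
//    would reach include(), which honours PHP stream wrappers.
function alpath_denylist_accepts(string $alpath): bool
{
    $lower = strtolower($alpath);
    if (str_starts_with($lower, 'http://') || str_starts_with($lower, 'https://')) {
        return false;
    }
    return true; // an ftp:// value is accepted here: the bypass in the CVE text
}

// 2. The hardened shape: refuse every scheme/wrapper syntactically, then
//    resolve the path and require it to stay inside a fixed base directory.
//    Only a real, local, in-tree directory is ever handed to include().
function alpath_resolve_safe(string $alpath, string $baseDir): ?string
{
    // Any "<scheme>:" prefix (RFC 3986 scheme grammar) is a wrapper; reject it.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $alpath) === 1) {
        return null;
    }
    // No NUL bytes and no absolute paths; traversal is handled by realpath() below.
    if (str_contains($alpath, "\0") || str_starts_with($alpath, '/') || str_starts_with($alpath, '\\')) {
        return null;
    }
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $alpath);
    if ($base === false || $target === false) {
        return null; // base or target does not exist on disk
    }
    // Containment check: the target must equal the base or live below it.
    if ($target !== $base && !str_starts_with($target, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $target;
}

// Demo with constructed inputs (run from the CLI: php this_file.php).
if (PHP_SAPI === 'cli') {
    $baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'autolinks_demo_' . getmypid();
    mkdir($baseDir . DIRECTORY_SEPARATOR . 'modules', 0700, true);

    $samples = [
        'modules',                     // legitimate local directory
        'http://attacker.example/x',   // caught by both checks
        'ftp://attacker.example/x',    // slips past the denylist (the CVE's bypass)
        'php://filter/resource=x',     // another wrapper the denylist never names
        '../../etc',                   // traversal out of the base directory
    ];
    foreach ($samples as $s) {
        printf("%-30s denylist=%s hardened=%s\n",
            $s,
            alpath_denylist_accepts($s) ? 'ACCEPT' : 'reject',
            alpath_resolve_safe($s, $baseDir) === null ? 'reject' : 'ACCEPT');
    }
    rmdir($baseDir . DIRECTORY_SEPARATOR . 'modules');
    rmdir($baseDir);
}
```

The hardened version still treats the parameter as data, not as a path to trust: the scheme check stops every wrapper at once rather than enumerating them, and the realpath() containment check is what actually prevents inclusion from outside the application tree. Where the directory does not genuinely need to be configurable at request time, the stronger fix is to drop the parameter entirely and hard-code the base path.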
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| autolinks | autolinks | — | — |
No detection rules found.
No writeups or analysis indexed.
CWE-184: Incomplete List of Disallowed Inputs (source: mitre_cwe)
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
Modes of Introduction:
Phase: Implementation
Note: Developers often try to protect their products against malicious input by checking against lists of known bad inputs, such as special characters that can invoke new commands. However, such lists often only address the most well-known bad inputs. As a quick fix, developers might rely on these lists instead of addressing the root cause of the issue. See [REF-141].
Phase: Architecture and Design
Note: The design might rely solely on detection of m
CWE-1023: Incomplete Comparison with Missing Factors (source: mitre_cwe)
The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Access Control. Impact: Alter Execution Logic, Bypass Protection Mechanism. An incomplete comparison can lead to resultant weaknesses, e.g., by operating on the wrong object or making a security decision without considering a required factor.
Potential Mitigations:
[Testing] Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.
Examples:
Consider an application in which Truck objects are de
References:
http://marc.info/?l=bugtraq&m=112535379716486&w=2
http://secunia.com/advisories/16620/
http://www.securityfocus.com/bid/14686
https://exchange.xforce.ibmcloud.com/vulnerabilities/22061