CVE-2005-2792
published 2005-09-02
CVE-2005-2792: Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the…
Priority P432 | medium | 5 | CVSS 2.0 | AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 11.67% (95.5th percentile)
Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpldapadmin | < phpldapadmin 0.9.6c-7 (bookworm) | phpldapadmin 0.9.6c-7 (bookworm) |
| phpldapadmin_project | phpldapadmin | — | — |
| phpldapadmin_project | phpldapadmin | — | — |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.6c-7 | 0.9.6c-7 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.6c-7 | 0.9.6c-7 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.6c-7 | 0.9.6c-7 |
CVSS provenance
nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
osv: 5.0 MEDIUM
vendor_debian: 5.0 MEDIUM
GHSA
GHSA-rw8c-ph3p-pggf: Directory traversal vulnerability in welcome
ghsa_unreviewed·2022-05-01
CVE-2005-2792 [MEDIUM] CWE-22 GHSA-rw8c-ph3p-pggf: Directory traversal vulnerability in welcome
OSV
CVE-2005-2792: Directory traversal vulnerability in welcome
osv·2005-09-02·CVSS 5.0
CVE-2005-2792 [MEDIUM] CVE-2005-2792: Directory traversal vulnerability in welcome
Debian
CVE-2005-2792: phpldapadmin - Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7...
vendor_debian·2005·CVSS 5.0
CVE-2005-2792 [MEDIUM] CVE-2005-2792: phpldapadmin - Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7...
Scope: local
bookworm: resolved (fixed in 0.9.6c-7)
forky: resolved (fixed in 0.9.6c-7)
sid: resolved (fixed in 0.9.6c-7)
trixie: resolved (fixed in 0.9.6c-7)
http://marc.info/?l=bugtraq&m=112542447219235&w=2
http://secunia.com/advisories/16617/
http://www.rgod.altervista.org/phpldap.html
http://www.securityfocus.com/bid/14695
https://exchange.xforce.ibmcloud.com/vulnerabilities/22103
Published: 2005-09-02