cbcvebase.
CVE-2005-2792
published 2005-09-02

CVE-2005-2792: Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the…

PriorityP432medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
11.67%
95.5th percentile
Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianphpldapadmin< phpldapadmin 0.9.6c-7 (bookworm)phpldapadmin 0.9.6c-7 (bookworm)
phpldapadmin_projectphpldapadmin
phpldapadmin_projectphpldapadmin
phpldapadmin_projectphpldapadmin>= 0 < 0.9.6c-70.9.6c-7
phpldapadmin_projectphpldapadmin>= 0 < 0.9.6c-70.9.6c-7
phpldapadmin_projectphpldapadmin>= 0 < 0.9.6c-70.9.6c-7

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.