CVE-2005-2951 - Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier

CVE-2005-2951

Summary

Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement.

References

Vulnerable Configurations

cpe:2.3:a:azerbaijan_development_group:azdgdating:2.1.3:*:lite:*:*:*:*:*
cpe:2.3:a:azerbaijan_development_group:azdgdating:2.1.3:*:lite:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	14819
bugtraq	20050913 AzDGDatingLite V 2.1.3 remote code execution
misc	http://rgod.altervista.org/azdg.html
secunia	16814
sreason	5
xf	azdgdating-securityinc-code-execution(22258)

Last major update

11-07-2017 - 01:33

Published

16-09-2005 - 22:03

Last modified

11-07-2017 - 01:33