Vulnerabilities > CVE-2000-0919 - Unspecified vulnerability in PHPix 1.0/1.0.1/1.0.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | PHPix 1.0 Directory Traversal Vulnerability. CVE-2000-0919. Webapps exploit for php platform |
id | EDB-ID:20278 |
last seen | 2016-02-02 |
modified | 2000-10-07 |
published | 2000-10-07 |
reporter | Synnergy.net |
source | https://www.exploit-db.com/download/20278/ |
title | phpix 1.0 - Directory Traversal Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | PHPIX.NASL |
description | The PHPix program allows an attacker to read arbitrary files on the remote web server, prefixing the pathname of the file with ..%2F..%2F.. For example: GET /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0 will return all the files that are nested within /etc directory. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10574 |
published | 2000-12-11 |
reporter | This script is Copyright (C) 2000-2018 Zorgon <[email protected]> |
source | https://www.tenable.com/plugins/nessus/10574 |
title | PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access |
code |
|