Vulnerabilities > CVE-2005-2256 - Directory Traversal vulnerability in PHPPGAdmin Login Form
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-759.NASL description A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to disclose sensitive information. Successful exploitation requires that last seen 2020-06-01 modified 2020-06-02 plugin id 19221 published 2005-07-18 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19221 title Debian DSA-759-1 : phppgadmin - missing input sanitising NASL family CGI abuses NASL id PHPPGADMIN_FORMLANGUAGE_DIR_TRAVERSAL.NASL description The remote host is running phpPgAdmin, a web-based administration tool for PostgreSQL. The installed version of phpPgAdmin fails to filter directory traversal sequences from user input supplied to the last seen 2020-06-01 modified 2020-06-02 plugin id 18637 published 2005-07-07 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18637 title phpPgAdmin index.php formLanguage Parameter Local File Inclusion NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_88188A8CEFF611D983100001020EED82.NASL description A Secunia Advisory reports : A vulnerability has been reported in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information. Input passed to the last seen 2020-06-01 modified 2020-06-02 plugin id 19350 published 2005-08-01 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19350 title FreeBSD : phppgadmin -- 'formLanguage' local file inclusion vulnerability (88188a8c-eff6-11d9-8310-0001020eed82)
References
- http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html
- http://secunia.com/advisories/15941
- http://secunia.com/advisories/16116
- http://securitytracker.com/id?1014414
- http://sourceforge.net/project/shownotes.php?release_id=342261
- http://www.debian.org/security/2005/dsa-759
- http://www.securityfocus.com/bid/14142
- http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html