Vulnerabilities > CVE-2005-2951 - Directory Traversal vulnerability in Azerbaijan Development Group Azdgdating 2.1.3

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
azerbaijan-development-group
exploit available
NVD
Published: 2005-09-16
Updated: 2017-07-11

Summary

Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement.

Vulnerable Configurations

Part Description Count
Application
Azerbaijan_Development_Group
1

Exploit-Db

descriptionAzDGDatingLite <= 2.1.3 Remote Code Execution Exploit. CVE-2005-2951. Webapps exploit for php platform
idEDB-ID:1214
last seen2016-01-31
modified2005-09-13
published2005-09-13
reporterrgod
sourcehttps://www.exploit-db.com/download/1214/
titleAzDGDatingLite <= 2.1.3 - Remote Code Execution Exploit

References