Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Azerbaijan Development Group
  • Azdgdating

Configuration 1 [-]

cpe:2.3:a:azerbaijan_development_group:azdgdating:2.1.3:*:lite:*:*:*:*:*
References
Link Resource
http://marc.info/?l=bugtraq&m=112662698511403&w=2
http://rgod.altervista.org/azdg.html Exploit Vendor Advisory
http://secunia.com/advisories/16814/ Vendor Advisory
http://securityreason.com/securityalert/5
http://www.securityfocus.com/bid/14819 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/22258
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-09-16T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-09-16T00:00:00

Link: CVE-2005-2951

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2005-09-16T22:03:00.000

Modified: 2017-07-11T01:33:03.347

Link: CVE-2005-2951

JSON object: View

cve-icon Redhat Information

No data.

CWE