CVE-2005-2255

Published: Jul 13, 2005Modified: Apr 16, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.

Affected (1)

Products: Gianluca Baldo: Phpauction

Gianluca Baldo

1 product

Phpauction

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gianluca Baldo Phpauction	Version 2.5

References (4)

http://secunia.com/advisories/15967

Source: cve@mitre.org

http://securitytracker.com/id?1014423

Source: cve@mitre.org

ExploitVendor Advisory

http://secunia.com/advisories/15967

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1014423

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.