CVE-2004-2255

high

Description

Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/16177

http://www.securityfocus.com/bid/10374

http://www.phpmyfaq.de/advisory_2004-05-18.php

http://www.osvdb.org/6300

http://securitytracker.com/id?1010190

http://secunia.com/advisories/11640

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.04746

Detections

Analytics