CVE-2005-2997 : Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitr

Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via ".." sequences in (1) the currentdir parameter to txt.php, or the current_dir parameter to (2) htm.php or (3) html.php.

Published 2005-09-20 22:03:00

Updated 2008-09-05 20:53:11

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2005-2997

Probability of exploitation activity in the next 30 days: 0.25%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-2997

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2005-2997

http://rgod.altervista.org/phpatm130.html

Exploit

CVEs referencing this url

Products affected by CVE-2005-2997

Bugada Andrea » Php Advanced Transfer Manager » Version: 1.30
cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.30:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-2997

Exploit prediction scoring system (EPSS) score for CVE-2005-2997

CVSS scores for CVE-2005-2997

References for CVE-2005-2997

Products affected by CVE-2005-2997