Vulnerability Description
PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpsimplicity | Simplicity Of Upload | 1.3 |
References
- http://rgod.altervista.org/simply.htmlExploit
- http://secunia.com/advisories/16273
- http://securitytracker.com/id?1014591Exploit
- http://www.phpsimplicity.com/scripts.php?id=3Patch
- http://www.securityfocus.com/bid/14424Patch
- http://rgod.altervista.org/simply.htmlExploit
- http://secunia.com/advisories/16273
- http://securitytracker.com/id?1014591Exploit
- http://www.phpsimplicity.com/scripts.php?id=3Patch
- http://www.securityfocus.com/bid/14424Patch
FAQ
What is CVE-2005-2607?
CVE-2005-2607 is a vulnerability with a CVSS score of 5.0 (MEDIUM). PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a t...
How severe is CVE-2005-2607?
CVE-2005-2607 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2607?
Check the references section above for vendor advisories and patch information. Affected products include: Phpsimplicity Simplicity Of Upload.