CVE-2005-2256

EPSS 12.5%

phppgadmin - missing input sanitising

Published: 7/13/2005Modified: 4/28/2026

Description

Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

Affected packages (2)

Debian/phppgadminfrom 0, < 3.5.4-1
Debian/phppgadminfrom 0, < 3.5.2-5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2005-2256