Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4301 | 1 Phpxplorer | 1 Phpxplorer | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the address bar field. | |||||
| CVE-2006-0434 | 1 Phpxplorer | 1 Phpxplorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files, then this issue would not cross privilege boundaries and would not be a vulnerability. | |||||
| CVE-2006-0244 | 1 Phpxplorer | 1 Phpxplorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root. | |||||