CVE-2005-2951 Information

Description

Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via ..\ sequences and \00\ (trailing null byte) characters in the l parameter which is used in an include_once statement.

Reference

http://marc.info/?l=bugtraq&m=112662698511403&w=2 http://rgod.altervista.org/azdg.html http://secunia.com/advisories/16814/ http://securityreason.com/securityalert/5 http://www.securityfocus.com/bid/14819 https://exchange.xforce.ibmcloud.com/vulnerabilities/22258