CVE-2005-2255
CVE-2005-2255 is a medium-severity vulnerability in Gianluca Baldo Phpauction with a CVSS 2.0 base score of 6.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.4)
- EPSS exploit prediction: 2% (71st percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Gianluca Baldo Phpauction
- Published:
- Last modified:
Description
Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.
Frequently asked questions
- What is CVE-2005-2255?
- Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.
- How severe is CVE-2005-2255?
- CVE-2005-2255 has a CVSS 2.0 base score of 6.4, rated medium severity.
- Is CVE-2005-2255 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (71st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-2255?
- CVE-2005-2255 affects Gianluca Baldo Phpauction. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2005-2255?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2005-2255 published?
- CVE-2005-2255 was published on 2005-07-13 and last updated on 2026-06-16.
References
Affected products (1)
- cpe:2.3:a:gianluca_baldo:phpauction:2.5:*:*:*:*:*:*:*
More vulnerabilities in Gianluca Baldo Phpauction
- CVE-2006-3984 — High (CVSS 7.5): PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later…
- CVE-2005-2253 — High (CVSS 7.5): SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter…
- CVE-2005-2252 — High (CVSS 7.5): PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the…
- CVE-2002-0995 — High (CVSS 7.5): login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action…
- CVE-2005-2254 — Medium (CVSS 4.3): Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web…