CVE-2005-3347

Name	CVE-2005-3347
Description	Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-897-1, DSA-898-1, DSA-899-1
Debian Bugs	339079

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
phpsysinfo (PTS)	jessie	3.0.17-1	fixed
	bullseye	3.2.5-3	fixed
	bookworm	3.4.2-3	fixed
	sid, trixie	3.4.3-3	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
egroupware	source	sarge	1.0.0.007-2.dfsg-2sarge4		DSA-899-1
egroupware	source	(unstable)	1.0.0.009.dfsg-3-3
phpgroupware	source	woody	0.9.14-0.RC3.2.woody5		DSA-898-1
phpgroupware	source	sarge	0.9.16.005-3.sarge4		DSA-898-1
phpgroupware	source	(unstable)	0.9.16.008-2
phpsysinfo	source	woody	2.0-3woody3		DSA-897-1
phpsysinfo	source	sarge	2.3-4sarge1		DSA-897-1
phpsysinfo	source	(unstable)	2.3-7			339079