Unrated severityNVD Advisory· Published Nov 30, 2005· Updated Jun 16, 2026
CVE-2005-3910
CVE-2005-3910
Description
merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability.
Affected products
2cpe:2.3:a:post_affiliate_pro:post_affiliate_pro:2.0.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:post_affiliate_pro:post_affiliate_pro:2.0.4:*:*:*:*:*:*:*
- (no CPE)range: <=2.0.4
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.