CVE-2005-0796

Sažetak

Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory.

Reference

http://marc.info/?l=bugtraq&m=111090966815089&w=2
http://secunia.com/advisories/14566
http://www.holacms.de/?content=changelog

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

18-10-2016 - 03:14

Objavljeno

02-05-2005 - 04:00