CVE-2005-4095 - Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 all

CVE-2005-4095

Summary

Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.

References

http://rgod.altervista.org/docebo204_xpl.html
http://secunia.com/advisories/1015308
http://secunia.com/advisories/17896
http://securitytracker.com/id?1015308
http://www.osvdb.org/21464
http://www.securityfocus.com/bid/15742
http://www.vupen.com/english/advisories/2005/2771
https://exchange.xforce.ibmcloud.com/vulnerabilities/23518

Vulnerable Configurations

cpe:2.3:a:docebolms:docebolms:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:docebolms:docebolms:2.0.4:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	15742
misc	http://rgod.altervista.org/docebo204_xpl.html
osvdb	21464
sectrack	1015308
secunia	1015308 17896
vupen	ADV-2005-2771
xf	docebolms-connector-directory-traversal(23518)

Last major update

20-07-2017 - 01:29

Published

08-12-2005 - 11:03

Last modified

20-07-2017 - 01:29