CVE-2005-0796 - Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary

CVE-2005-0796

Summary

Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory.

References

Vulnerable Configurations

cpe:2.3:a:hola:holacms:*:*:*:*:*:*:*:*
cpe:2.3:a:hola:holacms:*:*:*:*:*:*:*:*
cpe:2.3:a:hola:holacms:1.4.9_1:*:*:*:*:*:*:*
cpe:2.3:a:hola:holacms:1.4.9_1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2016 - 03:14)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bugtraq	20050315 Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access
confirm	http://www.holacms.de/?content=changelog
secunia	14566

Last major update

18-10-2016 - 03:14

Published

02-05-2005 - 04:00

Last modified

18-10-2016 - 03:14