Back to search
CVE-2005-0796
Published: Mar 20, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.holacms.de/?content=changelog
x_refsource_CONFIRM
14566
third-party-advisory
x_refsource_SECUNIA
20050315 Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now