OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
References
Configurations
History
No history.
Information
Published : 2004-11-23 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2004-0303
Mitre link : CVE-2004-0303
CVE.ORG link : CVE-2004-0303
JSON object : View
Products Affected
fools_workshop
- owls_workshop
CWE