Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=110868948719773&w=2 | Exploit Mailing List Third Party Advisory |
http://marc.info/?l=full-disclosure&m=110864983905770&w=2 | Exploit Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/12583 | Broken Link Exploit Patch Third Party Advisory VDB Entry |
http://marc.info/?l=bugtraq&m=110868948719773&w=2 | Exploit Mailing List Third Party Advisory |
http://marc.info/?l=full-disclosure&m=110864983905770&w=2 | Exploit Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/12583 | Broken Link Exploit Patch Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:54
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=110868948719773&w=2 - Exploit, Mailing List, Third Party Advisory | |
References | () http://marc.info/?l=full-disclosure&m=110864983905770&w=2 - Exploit, Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/12583 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry |
02 Feb 2024, 16:50
Type | Values Removed | Values Added |
---|---|---|
First Time |
Guillaumegardey
Guillaumegardey biborb |
|
CPE | cpe:2.3:a:guillaumegardey:biborb:1.3.2:rc:*:*:*:*:*:* cpe:2.3:a:guillaumegardey:biborb:1.3.2:-:*:*:*:*:*:* |
26 Jan 2024, 19:16
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
References | (FULLDISC) http://marc.info/?l=full-disclosure&m=110864983905770&w=2 - Exploit, Mailing List, Third Party Advisory | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=110868948719773&w=2 - Exploit, Mailing List, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/12583 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : unknown |
CPE | cpe:2.3:a:markusmobius:biborb:1.3.2:*:*:*:*:*:*:* | |
First Time |
Markusmobius
Markusmobius biborb |
Information
Published : 2005-05-02 04:00
Updated : 2024-11-20 23:54
NVD link : CVE-2005-0253
Mitre link : CVE-2005-0253
CVE.ORG link : CVE-2005-0253
JSON object : View
Products Affected
guillaumegardey
- biborb
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')