Vulnerability Details CVE-2005-0795
HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.042
EPSS Ranking 88.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2005-03/0210.html
- http://secunia.com/advisories/14566
- http://www.holacms.de/?content=changelog
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19672
- http://archives.neohapsis.com/archives/bugtraq/2005-03/0210.html
- http://secunia.com/advisories/14566
- http://www.holacms.de/?content=changelog
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19672
Products affected by CVE-2005-0795
-
cpe:2.3:a:hola:holacms:1.2.10
-
cpe:2.3:a:hola:holacms:1.2.9
-
cpe:2.3:a:hola:holacms:1.4
-
cpe:2.3:a:hola:holacms:1.4.1
-
cpe:2.3:a:hola:holacms:1.4.2
-
cpe:2.3:a:hola:holacms:1.4.2a
-
cpe:2.3:a:hola:holacms:1.4.3
-
cpe:2.3:a:hola:holacms:1.4.4
-
cpe:2.3:a:hola:holacms:1.4.5
-
cpe:2.3:a:hola:holacms:1.4.6
-
cpe:2.3:a:hola:holacms:1.4.7
-
cpe:2.3:a:hola:holacms:1.4.8
-
cpe:2.3:a:hola:holacms:1.4.9
-
cpe:2.3:a:hola:holacms:1.4.9_1