Vulnerability Details CVE-2005-2147
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.4%
CVSS Severity
CVSS v2 Score 6.4
References
- http://secunia.com/advisories/15752
- http://www.debian.org/security/2005/dsa-739
- http://www.hardened-php.net/advisory-012005.php
- http://www.securityfocus.com/bid/13990
- http://secunia.com/advisories/15752
- http://www.debian.org/security/2005/dsa-739
- http://www.hardened-php.net/advisory-012005.php
- http://www.securityfocus.com/bid/13990
Products affected by CVE-2005-2147
-
cpe:2.3:a:edgewall_software:trac:0.7.1
-
cpe:2.3:a:edgewall_software:trac:0.8.1
-
cpe:2.3:a:edgewall_software:trac:0.8.3