PT-2005-3853 · Content2Web · Content2Web
Publicado
2005-09-21
·
Atualizado
2008-09-05
·
CVE-2005-3017
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Content2Web version 1.0.1
Description
The issue allows remote attackers to include arbitrary files via the
show parameter in the "index.php" file. This can lead to errors such as path disclosure, SQL error messages, and cross-site scripting (XSS).Recommendations
For Content2Web version 1.0.1, consider restricting access to the
show parameter in the "index.php" file to minimize the risk of exploitation. As a temporary workaround, avoid using the show parameter until a patch is available.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Content2Web