PT-2005-4827 · Ckeditor+1 · Ckeditor+1
Publicado
2005-12-08
·
Atualizado
2017-07-20
·
CVE-2005-4095
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
DoceboLMS version 2.0.4
Description
The issue allows remote attackers to list arbitrary files and directories. This is achieved by utilizing ".." sequences in the
Type parameter within a "GetFoldersAndFiles" command in the connector.php file of the fckeditor2rc2 addon.Recommendations
For DoceboLMS version 2.0.4, consider restricting access to the connector.php file in the fckeditor2rc2 addon to minimize the risk of exploitation. Avoid using the
Type parameter in the GetFoldersAndFiles command until the issue is resolved.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Docebolms
Ckeditor