PT-2003-1849 · Parallels · Tsitebuilder
Published
2003-09-06
·
Updated
2008-09-10
·
CVE-2003-0756
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
SiteBuilder version 1.4
Description:
A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using .. (dot dot) sequences in the
selectedpage parameter of the sitebuilder.cgi endpoint.Recommendations:
For SiteBuilder version 1.4, consider restricting access to the sitebuilder.cgi endpoint until a patch is available. As a temporary workaround, avoid using the
selectedpage parameter with .. (dot dot) sequences to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tsitebuilder