PT-2005-1372 · Minis · Minis

Madelman

Published

2005-01-16

Updated

2017-07-11

CVE-2005-0294

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Minis version 0.2.1

Description The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This can be achieved by sending an HTTP request for a file that the web server does not have permission to read, using the month parameter.

Recommendations For Minis version 0.2.1, consider restricting access to the minis.php file until a patch is available, or apply configuration changes to prevent the web server from attempting to read files it does not have permission to access.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0294

Affected Products

Minis

PT-2005-1372 · Minis · Minis

CVE-2005-0294

Related Identifiers

Affected Products

References · 6