PT-2005-2550 · Showoff! · Showoff!

Published

2005-05-14

Updated

2008-09-05

CVE-2005-1571

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ShowOff! version 1.5.4

Description The issue allows remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts. This is due to multiple directory traversal vulnerabilities.

Recommendations For ShowOff! version 1.5.4, consider restricting access to the ShowAlbum, ShowVideo, and ShowGraphic scripts until a patch is available. As a temporary workaround, avoid using arguments with ".." sequences in these scripts to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1571

Affected Products

Showoff!

PT-2005-2550 · Showoff! · Showoff!

CVE-2005-1571

Related Identifiers

Affected Products

References · 3