PT-2005-3853 · Content2Web · Content2Web
Published
2005-09-21
·
Updated
2008-09-05
·
CVE-2005-3017
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Content2Web version 1.0.1
Description
The issue allows remote attackers to include arbitrary files via the
show parameter in the "index.php" file. This can lead to errors such as path disclosure, SQL error messages, and cross-site scripting (XSS).Recommendations
For Content2Web version 1.0.1, consider restricting access to the
show parameter in the "index.php" file to minimize the risk of exploitation. As a temporary workaround, avoid using the show parameter until a patch is available.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Content2Web