PT-2005-3916 · Contentserv · Contentserv
Published
2005-09-27
·
Updated
2008-09-05
·
CVE-2005-3086
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
contentServ version 3.1
Description
A directory traversal issue exists, allowing remote attackers to read or include arbitrary files. This is achieved by using ".." sequences in the
ctsWebsite parameter of the admin/about.php file.Recommendations
For contentServ version 3.1, consider restricting access to the admin/about.php file until a patch is available. As a temporary workaround, avoid using the
ctsWebsite parameter in the affected file to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Contentserv