PT-2005-4827 · Ckeditor+1 · Ckeditor+1
Published
2005-12-08
·
Updated
2017-07-20
·
CVE-2005-4095
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
DoceboLMS version 2.0.4
Description
The issue allows remote attackers to list arbitrary files and directories. This is achieved by utilizing ".." sequences in the
Type parameter within a "GetFoldersAndFiles" command in the connector.php file of the fckeditor2rc2 addon.Recommendations
For DoceboLMS version 2.0.4, consider restricting access to the connector.php file in the fckeditor2rc2 addon to minimize the risk of exploitation. Avoid using the
Type parameter in the GetFoldersAndFiles command until the issue is resolved.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Docebolms
Ckeditor