CVE-2005-4389

search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:contens:contens:2.5:*:*:*:*:*:*:*
cpe:2.3:a:contens:contens:3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:04

Type Values Removed Values Added
References () http://pridels0.blogspot.com/2005/12/contens-searchcfm-multiple-input.html - () http://pridels0.blogspot.com/2005/12/contens-searchcfm-multiple-input.html -
References () http://secunia.com/advisories/18143 - () http://secunia.com/advisories/18143 -
References () http://www.osvdb.org/21825 - () http://www.osvdb.org/21825 -
References () http://www.vupen.com/english/advisories/2005/2981 - () http://www.vupen.com/english/advisories/2005/2981 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/23824 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/23824 -

Information

Published : 2005-12-20 02:03

Updated : 2024-11-21 00:04


NVD link : CVE-2005-4389

Mitre link : CVE-2005-4389

CVE.ORG link : CVE-2005-4389


JSON object : View

Products Affected

contens

  • contens