CVE Vulnerabilities

CVE-2005-0795

Published: Mar 14, 2005 | Modified: Nov 20, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter.

Affected Software

Name Vendor Start Version End Version
Holacms Hola 1.2.9 (including) 1.2.9 (including)
Holacms Hola 1.2.10 (including) 1.2.10 (including)
Holacms Hola 1.4 (including) 1.4 (including)
Holacms Hola 1.4.1 (including) 1.4.1 (including)
Holacms Hola 1.4.2 (including) 1.4.2 (including)
Holacms Hola 1.4.2a (including) 1.4.2a (including)
Holacms Hola 1.4.3 (including) 1.4.3 (including)
Holacms Hola 1.4.4 (including) 1.4.4 (including)
Holacms Hola 1.4.5 (including) 1.4.5 (including)
Holacms Hola 1.4.6 (including) 1.4.6 (including)
Holacms Hola 1.4.7 (including) 1.4.7 (including)
Holacms Hola 1.4.8 (including) 1.4.8 (including)
Holacms Hola 1.4.9 (including) 1.4.9 (including)
Holacms Hola 1.4.9_1 (including) 1.4.9_1 (including)

References