CVE-2005-0795 | Vulnerability Database | Aqua Security

HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter.

Affected Software

Name	Vendor	Start Version	End Version
Holacms	Hola	1.2.9 (including)	1.2.9 (including)
Holacms	Hola	1.2.10 (including)	1.2.10 (including)
Holacms	Hola	1.4 (including)	1.4 (including)
Holacms	Hola	1.4.1 (including)	1.4.1 (including)
Holacms	Hola	1.4.2 (including)	1.4.2 (including)
Holacms	Hola	1.4.2a (including)	1.4.2a (including)
Holacms	Hola	1.4.3 (including)	1.4.3 (including)
Holacms	Hola	1.4.4 (including)	1.4.4 (including)
Holacms	Hola	1.4.5 (including)	1.4.5 (including)
Holacms	Hola	1.4.6 (including)	1.4.6 (including)
Holacms	Hola	1.4.7 (including)	1.4.7 (including)
Holacms	Hola	1.4.8 (including)	1.4.8 (including)
Holacms	Hola	1.4.9 (including)	1.4.9 (including)
Holacms	Hola	1.4.9_1 (including)	1.4.9_1 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2005-03/0210.html
http://secunia.com/advisories/14566
http://www.holacms.de/?content=changelog
https://exchange.xforce.ibmcloud.com/vulnerabilities/19672

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-0795
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html