CVE-2005-2147

Medium

6.4/10

Summary

Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: NONE

References

Advisory Timeline

Published Jul 06, 2005

CVE-2005-2147

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS