CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2005-0796 – HolaCMS 1.2.x/1.4.x Voting Module - Directory Traversal Remote File Corruption
https://notcve.org/view.php?id=CVE-2005-0796
Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory. • https://www.exploit-db.com/exploits/25222 http://marc.info/?l=bugtraq&m=111090966815089&w=2 http://secunia.com/advisories/14566 http://www.holacms.de/?content=changelog •
CVSS: 5.0EPSS: 1%CPEs: 14EXPL: 2CVE-2005-0795 – HolaCMS 1.2/1.4.x Voting Module - Remote File Corruption
https://notcve.org/view.php?id=CVE-2005-0795
HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter. • https://www.exploit-db.com/exploits/25217 http://archives.neohapsis.com/archives/bugtraq/2005-03/0210.html http://secunia.com/advisories/14566 http://www.holacms.de/?content=changelog https://exchange.xforce.ibmcloud.com/vulnerabilities/19672 •