Lucene search

MitreCVE-2004-1505

HistoryFeb 19, 2005 - 5:00 a.m.

CVE-2004-1505

2005-02-1905:00:00

mitre

web.nvd.nist.gov

cve-2004-1505

directory traversal

index.php

jaf cms 3.0rc

remote attackers

arbitrary files

php code

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.014

Percentile

86.4%

JSON

Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a … (dot dot) in the show parameter.

Affected configurations

Nvd

Node

salims_softhousejaf_cmsMatch3.0rc

VendorProductVersionCPE
salims_softhousejaf_cms3.0cpe:2.3:a:salims_softhouse:jaf_cms:3.0:rc:*:*:*:*:*:*

Vendor	Product	Version	CPE
salims_softhouse	jaf_cms	3.0	cpe:2.3:a:salims_softhouse:jaf_cms:3.0:rc::::::

References

echo.or.id/adv/adv08-y3dips-2004.txt

marc.info/?l=bugtraq&m=110004150430309&w=2

secunia.com/advisories/13104

www.securityfocus.com/bid/11627

exchange.xforce.ibmcloud.com/vulnerabilities/17983

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.014

Percentile

86.4%

JSON

Related for CVE-2004-1505