Vulnerability Description
search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Contens | Contens | 2.5 |
References
- http://pridels0.blogspot.com/2005/12/contens-searchcfm-multiple-input.html
- http://secunia.com/advisories/18143
- http://www.osvdb.org/21825
- http://www.vupen.com/english/advisories/2005/2981
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23824
- http://pridels0.blogspot.com/2005/12/contens-searchcfm-multiple-input.html
- http://secunia.com/advisories/18143
- http://www.osvdb.org/21825
- http://www.vupen.com/english/advisories/2005/2981
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23824
FAQ
What is CVE-2005-4389?
CVE-2005-4389 is a vulnerability with a CVSS score of 5.0 (MEDIUM). search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced,...
How severe is CVE-2005-4389?
CVE-2005-4389 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4389?
Check the references section above for vendor advisories and patch information. Affected products include: Contens Contens.