CVE-2005-0796 Information

Description

Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a \holaDB/votes\ followed by a .. (dot dot) in the vote_filename parameter which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory.

Reference

http://marc.info/?l=bugtraq&m=111090966815089&w=2 http://secunia.com/advisories/14566 http://www.holacms.de/?content=changelog