CVE-2005-2053 Information

Feb 14, 2021 cve

Description

Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks (asterisk) in the id parameter (2) a blank id parameter or (3) an LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks (asterisk) in the disp parameter to index.php which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability.

Reference

http://echo.or.id/adv/adv20-theday-2005.txt http://marc.info/?l=bugtraq&m=111954840611126&w=2 http://marc.info/?l=bugtraq&m=111990004028512&w=2

Share on: