CVE-2005-4384 Information

Description

CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.

Reference

http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html http://secunia.com/advisories/18145 http://www.osvdb.org/21857 http://www.osvdb.org/21858 https://exchange.xforce.ibmcloud.com/vulnerabilities/23822