CVE-2005-4389 Information

Description

search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y (2) bool (3) itemsperpage (4) submit (5) submit.x (6) criteria (7) advanced and (8) intern parameters.

Reference

http://pridels0.blogspot.com/2005/12/contens-searchcfm-multiple-input.html http://secunia.com/advisories/18143 http://www.osvdb.org/21825 http://www.vupen.com/english/advisories/2005/2981 https://exchange.xforce.ibmcloud.com/vulnerabilities/23824