CVE-2005-2147
EPSS 0.43%
trac - missing input sanitising
Published: 2005/7/6
Modified: 2026/4/28
Description
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.
Affected packages (2)
- Debian/trac from 0, < 0.8.4-1
- Debian/trac from 0, < 0.8.1-3sarge2