Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts.
Software | From | Fixed in |
---|---|---|
edgewall_software / trac | 0.5 | 0.5.x |
edgewall_software / trac | 0.5.1 | 0.5.1.x |
edgewall_software / trac | 0.5.2 | 0.5.2.x |
edgewall_software / trac | 0.6 | 0.6.x |
edgewall_software / trac | 0.6.1 | 0.6.1.x |
edgewall_software / trac | 0.7 | 0.7.x |
edgewall_software / trac | 0.7.1 | 0.7.1.x |
edgewall_software / trac | 0.8 | 0.8.x |
edgewall_software / trac | 0.8.1 | 0.8.1.x |
edgewall_software / trac | 0.8.2 | 0.8.2.x |
edgewall_software / trac | 0.8.3 | 0.8.3.x |