CVE-2005-2007

Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts.

Published: Jun 19, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2007
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
edgewall_software / trac	0.7.1	0.7.1.x
edgewall_software / trac	0.6.1	0.6.1.x
edgewall_software / trac	0.8	0.8.x
edgewall_software / trac	0.5	0.5.x
edgewall_software / trac	0.6	0.6.x
edgewall_software / trac	0.8.2	0.8.2.x
edgewall_software / trac	0.5.2	0.5.2.x
edgewall_software / trac	0.5.1	0.5.1.x
edgewall_software / trac	0.8.3	0.8.3.x
edgewall_software / trac	0.8.1	0.8.1.x
edgewall_software / trac	0.7	0.7.x

http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034618.html
http://secunia.com/advisories/15752
http://svn.edgewall.com/repos/trac/tags/trac-0.8.4/ChangeLog
http://www.hardened-php.net/advisory-012005.php

Vulnerability Database

290,020

CVE-2005-2007