CVE-2005-3766

Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files.

Published: Nov 23, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3766
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
exponent / exponent	0.94	0.94.x
exponent / exponent	0.96.3	0.96.3.x
exponent / exponent	0.96.1	0.96.1.x
exponent / exponent	0.95	0.95.x
exponent / exponent	0.96.4	0.96.4.x

http://secunia.com/advisories/17505
http://secunia.com/advisories/17655
http://www.securityfocus.com/archive/1/417218

Vulnerability Database

290,301

CVE-2005-3766