Penetration Testing UK

CVE-2005-2897

CVE-2005-2897

Severity Score

5.0

Access Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

Summary

WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php.

Learn more about our Penetration Testing services.