Vulnerabilities > CVE-2004-0302 - Remote File Disclosure vulnerability in Fools Workshop Owls Workshop 1.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
fools-workshop
exploit available
NVD
Published: 2004-11-23
Updated: 2017-07-11

Summary

Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.

Vulnerable Configurations

Part Description Count
Application
Fools_Workshop
1

Exploit-Db

  • descriptionFool's Workshop Owl's Workshop 1.0 multiplechoice/index.php Arbitrary File Access. CVE-2004-0302. Webapps exploit for php platform
    idEDB-ID:23722
    last seen2016-02-02
    modified2004-02-18
    published2004-02-18
    reporterG00db0y
    sourcehttps://www.exploit-db.com/download/23722/
    titleFool's Workshop Owl's Workshop 1.0 - multiplechoice/index.php Arbitrary File Access
  • descriptionFool's Workshop Owl's Workshop 1.0 newmultiplechoice.php Arbitrary File Access&. CVE-2004-0302. Webapps exploit for php platform
    idEDB-ID:23724
    last seen2016-02-02
    modified2004-02-18
    published2004-02-18
    reporterG00db0y
    sourcehttps://www.exploit-db.com/download/23724/
    titleFool's Workshop Owl's Workshop 1.0 newmultiplechoice.php Arbitrary File Access
  • descriptionFool's Workshop Owl's Workshop 1.0 glossary.php Arbitrary File Access. CVE-2004-0302. Webapps exploit for php platform
    idEDB-ID:23723
    last seen2016-02-02
    modified2004-02-18
    published2004-02-18
    reporterG00db0y
    sourcehttps://www.exploit-db.com/download/23723/
    titleFool's Workshop Owl's Workshop 1.0 glossary.php Arbitrary File Access

References