Vulnerabilities > CVE-2005-0293 - Remote Directory Traversal vulnerability in Minis 0.2.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

minis

nessus

NVD

Published: 2005-05-02

Updated: 2017-07-11

Summary

Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the month parameter.

Vulnerable Configurations

Part	Description	Count
Application	Minis Minis Minis 0.2.1	1

Nessus

NASL family	CGI abuses
NASL id	MINIS_FILE_READING.NASL
description	The remote host is running Minis, a weblogging system written in PHP. The remote version of this software is vulnerable to a directory traversal attack. Input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	16179
published	2005-01-17
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16179
title	Minis minis.php month Parameter Traversal Arbitrary File Access

Summary

Vulnerable Configurations

Nessus

References