Vulnerabilities > CVE-2005-4384 - Remote Security vulnerability in Citysoft Community Enterprise 4.X

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
citysoft
NVD
Published: 2005-12-20
Updated: 2017-07-20

Summary

CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.

Vulnerable Configurations

Part Description Count
Application
Citysoft
1

References