HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter.
Max CVSS
5.0
EPSS Score
1.14%
Published
2005-03-14
Updated
2017-07-11
1 vulnerabilities found