CVE-2005-2053

Published: Jun 28, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability.

Affected (10)

Products: Salims Softhouse: Jaf Cms

Salims Softhouse

1 product

Jaf Cms

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Salims Softhouse Jaf Cms	Version 1.0 final
Salims Softhouse Jaf Cms	Version 1.5
Salims Softhouse Jaf Cms	Version 2.0.5
Salims Softhouse Jaf Cms	Version 2.0 beta
Salims Softhouse Jaf Cms	Version 2.0 final
Salims Softhouse Jaf Cms	Version 2.1.0
Salims Softhouse Jaf Cms	Version 2.5
Salims Softhouse Jaf Cms	Version 3.0 rc2
Salims Softhouse Jaf Cms	Version 3.0 rc
Salims Softhouse Jaf Cms	Version 3.0 rc_fixed

References (6)

http://echo.or.id/adv/adv20-theday-2005.txt

Source: cve@mitre.org

ExploitVendor Advisory

http://marc.info/?l=bugtraq&m=111954840611126&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=111990004028512&w=2

Source: cve@mitre.org

http://echo.or.id/adv/adv20-theday-2005.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://marc.info/?l=bugtraq&m=111954840611126&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=111990004028512&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.