cbcvebase.
CVE-2005-2848
published 2005-09-08


Priority: P2 · 68 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Flags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 8.77% (94.5th percentile)
Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
barracuda_networks | barracuda_spam_firewall | |
barracuda_networks | barracuda_spam_firewall | |

Detection & IOCs (extracted from sources)

path: /cgi-bin/img.pl
url: /cgi-bin/img.pl?f=%2e%2e/etc/hosts
command: ../bin/sh -c "echo 'YYY';<cmd>;echo 'YYY'"|
  • Detect directory traversal attempts against img.pl via the 'f' parameter containing URL-encoded or literal dot-dot sequences (e.g., %2e%2e or ../).
  • Alert on HTTP GET requests to /cgi-bin/img.pl whose 'f' parameter contains %2e%2e or ../ traversal patterns, especially ones targeting /etc/hosts or /bin/sh.
  • The exploit appends a pipe character and a shell invocation to the f parameter to obtain RCE; detect URL-encoded pipe characters or 'bin/sh' strings in requests to img.pl.
  • The exploit targets port 8000 by default; monitor for traversal/RCE patterns on non-standard HTTP ports (8000) on Barracuda appliances.
  • Vulnerable firmware versions are 3.1.16 and 3.1.17; versions prior to 3.1.18 are affected. Scope detection rules to these versions, or apply them broadly until the appliance is patched.
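A constructed access-log checker for the patterns in these bullets, added here as an example and not taken from the page's sources or from any vendor tool: it isolates requests to /cgi-bin/img.pl, decodes the 'f' parameter repeatedly so double-encoded dot-dot sequences are not missed, and tags traversal, pipe/semicolon metacharacters and 'bin/sh' separately. The log lines, client addresses and tag names are assumptions made for the example.

```python
import re
from urllib.parse import unquote
# Common Log Format: client ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so a double-encoded %252e%252e is also seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value
def query_params(query):
    """Split the query on '&' and '=' only; values stay raw so decoding is ours to control."""
    for part in query.split("&"):
        key, _, raw = part.partition("=")
        if key:
            yield unquote(key), raw
def classify_request(target):
    """Return sorted finding tags for one request target; [] if not an img.pl abuse pattern."""
    path, _, query = target.partition("?")
    if not unquote(path).lower().endswith("/cgi-bin/img.pl"):
        return []
    findings = set()
    for key, raw in query_params(query):
        if key != "f":
            continue
        value = decode_fully(raw)
        if "../" in value or "..\\" in value:
            findings.add("traversal")        # dot-dot in f: the CVE-2005-2848 file read
        if "|" in value or ";" in value:
            findings.add("shell-metachar")   # pipe/semicolon appended to f for RCE
        if "bin/sh" in value.lower():
            findings.add("shell-invocation")
    return sorted(findings)
def scan_log(lines):
    """Yield (client, target, findings) for each log line that matches an abuse pattern."""
    for line in lines:
        m = CLF.match(line)
        if m and (findings := classify_request(m["target"])):
            yield m["client"], m["target"], findings

# Constructed sample lines (not from a real appliance); the first two mirror the IOCs above.
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Sep/2005:10:00:01 +0000] "GET /cgi-bin/img.pl?f=%2e%2e/etc/hosts HTTP/1.0" 200 512',
    '203.0.113.5 - - [08/Sep/2005:10:00:02 +0000] "GET /cgi-bin/img.pl?f=../bin/sh%7c HTTP/1.0" 200 64',
    '203.0.113.7 - - [08/Sep/2005:10:00:03 +0000] "GET /cgi-bin/img.pl?f=%252e%252e/etc/hosts HTTP/1.0" 200 0',
    '198.51.100.9 - - [08/Sep/2005:10:00:04 +0000] "GET /cgi-bin/img.pl?f=logo.gif HTTP/1.0" 200 2048',
]
```

Run `list(scan_log(SAMPLE_LOG))` to see the three flagged requests; the benign logo.gif fetch produces no finding.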

CVSS provenance

nvd: v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck: 5.0 MEDIUM