Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2848

5 documents5 sources
Severity
5.0MEDIUM
EPSS
41.8%
top 2.58%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Barracuda Networks Barracuda Spam Firewall
Timeline
PublishedSep 8
Latest updateMay 1

Description

Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: secunia.comPatch: securiweb.netPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-xxhw-3mwj-8m78: Directory traversal vulnerability in img2022-05-01
CVEList
CVE-2005-2848: Directory traversal vulnerability in img2005-09-08
VulnCheck
Barracuda Networks barracuda_spam_firewall Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')2005

💥Exploits & PoCs

1
Exploit-DB
Barracuda Spam Firewall < 3.1.18 - Command Execution (Metasploit)2005-09-27
CVE-2005-2848 (MEDIUM CVSS 5) | Directory traversal vulnerability i | cvebase.io