CVE-2005-4600
Published 2005-12-31
CVE-2005-4600: Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a…
Priority P3 · 35 · medium · 6.4 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 6.01% (92.4th percentile)
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 2.5.1-3 (bookworm) | wordpress 2.5.1-3 (bookworm) |
| moxiecode | tinymce_compressor_php | <= 1.05 | — |
| wordpress | wordpress | >= 0 < 2.5.1-3 | 2.5.1-3 |
| wordpress | wordpress | >= 0 < 2.5.1-3 | 2.5.1-3 |
| wordpress | wordpress | >= 0 < 2.5.1-3 | 2.5.1-3 |
| wordpress | wordpress | >= 0 < 2.5.1-3 | 2.5.1-3 |
CVSS provenance
nvd · v2.0 · 6.4 MEDIUM · AV:N/AC:L/Au:N/C:P/I:P/A:N
osv · 6.4 MEDIUM
vendor_debian · 6.4 MEDIUM
Debian
CVE-2005-4600: wordpress - Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP...
vendor_debian·2005·CVSS 6.4
CVE-2005-4600 [MEDIUM] CVE-2005-4600: wordpress - Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP...
Scope: local
bookworm: resolved (fixed in 2.5.1-3)
bullseye: resolved (fixed in 2.5.1-3)
forky: resolved (fixed in 2.5.1-3)
sid: resolved (fixed in 2.5.1-3)
trixie: resolved (fixed in 2.5.1-3)
GHSA
GHSA-32gf-9929-gmj6: Directory traversal vulnerability in tiny_mce_gzip
ghsa_unreviewed·2022-05-01
CVE-2005-4600 [MEDIUM] CWE-22 GHSA-32gf-9929-gmj6: Directory traversal vulnerability in tiny_mce_gzip
OSV
CVE-2005-4600: Directory traversal vulnerability in tiny_mce_gzip
osv·2005-12-31·CVSS 6.4
CVE-2005-4600 [MEDIUM] CVE-2005-4600: Directory traversal vulnerability in tiny_mce_gzip
No detection rules found.
No writeups or analysis indexed.
References
http://secunia.com/advisories/18262
http://securityreason.com/securityalert/306
http://securitytracker.com/id?1015424
http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233
http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244
http://www.hardened-php.net/advisory_262005.111.html
http://www.osvdb.org/22116
http://www.securityfocus.com/archive/1/420543/100/0/threaded
http://www.securityfocus.com/bid/16083
https://exchange.xforce.ibmcloud.com/vulnerabilities/36736
https://www.exploit-db.com/exploits/4441
Published: 2005-12-31