CVE-2005-4600
published 2005-12-31

Priority: P335, medium
CVSS 2.0: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
EXPLOIT
EPSS: 6.01% (92.4th percentile)

Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 2.5.1-3 (bookworm) | wordpress 2.5.1-3 (bookworm) |
| moxiecode | tinymce_compressor_php | <= 1.05 | |
| wordpress | wordpress | >= 0 < 2.5.1-3 | 2.5.1-3 |
| wordpress | wordpress | >= 0 < 2.5.1-3 | 2.5.1-3 |
| wordpress | wordpress | >= 0 < 2.5.1-3 | 2.5.1-3 |
| wordpress | wordpress | >= 0 < 2.5.1-3 | 2.5.1-3 |

CVSS provenance

nvd: v2.0, 6.4 MEDIUM, AV:N/AC:L/Au:N/C:P/I:P/A:N
osv: 6.4 MEDIUM
vendor_debian: 6.4 MEDIUM