CVE-2005-2147
EPSS 0.43%
trac - missing input sanitising
Published: 7/6/2005
Modified: 4/28/2026
Also known as: DEBIAN-CVE-2005-2147
Description
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.
Affected packages (2)
- Debian/trac from 0, < 0.8.4-1
- Debian/trac from 0, < 0.8.1-3sarge2