CVE-2005-4600

Description

Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.

How to fix CVE-2005-4600

To remediate CVE-2005-4600, upgrade the affected package to a fixed version below.

• Debian/wordpress—upgrade to 2.5.1-3 or later

Is CVE-2005-4600 being exploited?

Moderate — EPSS is 17.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 2.5.1-3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2005-4600