Medium
CVSS 6.4
Overview
CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.
CVE-2005-4384
CitySoft Community Enterprise 4.x allows remote attackers to obtain the full pat...
Risk analysis
This vulnerability is rated 🟡 MEDIUM.
- CVSS: 6.4 (MEDIUM)
- Detected tags: none (tag impact: LOW)
Recommended actions:
- Prioritize remediation based on business criticality and exposure.
- Limit exposure and increase monitoring until fixed.