Description
O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Roberto Moreno · textremotewindows
https://www.exploit-db.com/exploits/20687
References (3)
Core 3
Core References
Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-03/0236.html
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2488
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/3839
Scores
EPSS
0.0306
EPSS Percentile
86.9%
Details
Status
published
Products (1)
oreilly/website_professional
< 2.5.4
Published
Aug 22, 2001
Tracked Since
Feb 18, 2026