CVE-2005-0795

HolaCMS 1.4.9 - Arbitrary File Write via Vote Filename Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0795. PoCs published by Virginity Security.

AI-analyzed exploit summary This exploit demonstrates a file corruption vulnerability in HolaCMS due to improper input validation in the voting mechanism. Attackers can submit voting data to arbitrary files, potentially leading to corruption of system files or scripts.

Description

HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Virginity Security · htmlwebappsphp
https://www.exploit-db.com/exploits/25217

This exploit demonstrates a file corruption vulnerability in HolaCMS due to improper input validation in the voting mechanism. Attackers can submit voting data to arbitrary files, potentially leading to corruption of system files or scripts.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: HolaCMS (version unspecified)
No auth needed
Prerequisites: Access to the voting functionality of HolaCMS
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2005-03/0210.html
Patch, Vendor Advisory x_refsource_confirm
http://www.holacms.de/?content=changelog
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14566
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19672

Scores

EPSS 0.0244
EPSS Percentile 82.2%

Details

Status published
Products (14)
hola/holacms 1.2.9
hola/holacms 1.2.10
hola/holacms 1.4
hola/holacms 1.4.1
hola/holacms 1.4.2
hola/holacms 1.4.2a
hola/holacms 1.4.3
hola/holacms 1.4.4
hola/holacms 1.4.5
hola/holacms 1.4.6
... and 4 more
Published Mar 14, 2005
Tracked Since Feb 18, 2026